On 11/04/14 16:40, William Sargent wrote:
>> Actually the protocol *did* specify that:
>>
>> https://tools.ietf.org/html/rfc6520#section-4
>>
>> # If the payload_length of a received HeartbeatMessage is too large,
>> # the received HeartbeatMessage MUST be discarded silently.
>
> There is a formally verified version of TLS, miTLS. I’d be curious to see
> how it measures up against the attack tools.
>
> http://www.mitls.org/wsgi

miTLS does not support the heartbeat extension, and so is not vulnerable.
(The only extension it supports is renegotiation_info.)

--
Daira Hopwood ⚥
_______________________________________________
langsec-discuss mailing list
langsec-discuss@mail.langsec.org
https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss
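The RFC 6520 section 4 rule quoted in the message above, as an added example that is not part of the original thread or of any TLS implementation: a heartbeat responder that checks the claimed payload_length against the bytes actually received before echoing anything. The function name `hb_build_response`, the `HB_*` constants and the two sample records are constructed for illustration, and the zero-filled padding is a simplification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST      1   /* heartbeat_request  (RFC 6520, section 3) */
#define HB_RESPONSE     2   /* heartbeat_response */
#define HB_HEADER_LEN   3   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PADDING 16   /* padding is at least 16 bytes */

/* Constructed samples: each is a 23-byte message (3 + 4 + 16). The second
 * one claims a 16384-byte payload while carrying only 4 bytes of it. */
static const uint8_t HB_SAMPLE_OK[23]       = {HB_REQUEST, 0x00, 0x04, 'p', 'i', 'n', 'g'};
static const uint8_t HB_SAMPLE_OVERLONG[23] = {HB_REQUEST, 0x40, 0x00, 'p', 'i', 'n', 'g'};

/* Hypothetical helper: answer one heartbeat request held in rec[0..rec_len).
 * Returns the response length written to out, or 0 when the message is
 * discarded silently (no reply and no alert sent to the peer). */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap)
{
    /* Too short for header plus minimum padding, or not a request: discard. */
    if (rec == NULL || rec_len < HB_HEADER_LEN + HB_MIN_PADDING ||
        rec[0] != HB_REQUEST)
        return 0;
    /* payload_length comes from the peer; only rec_len can be trusted. */
    size_t claimed = ((size_t)rec[1] << 8) | rec[2];
    if (claimed > rec_len - HB_HEADER_LEN - HB_MIN_PADDING)
        return 0;   /* payload_length too large: discard silently */
    size_t total = HB_HEADER_LEN + claimed + HB_MIN_PADDING;
    if (out == NULL || total > out_cap)
        return 0;
    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER_LEN, rec + HB_HEADER_LEN, claimed);
    /* Simplification: zero padding here; RFC 6520 calls for random padding. */
    memset(out + HB_HEADER_LEN + claimed, 0, HB_MIN_PADDING);
    return total;
}

int main(void)
{
    uint8_t out[64];
    printf("well-formed: %zu\n", hb_build_response(HB_SAMPLE_OK, 23, out, sizeof out));
    printf("over-long:   %zu\n", hb_build_response(HB_SAMPLE_OVERLONG, 23, out, sizeof out));
    return 0;
}
```

The copy length is bounded by the received length before any byte is read, so the over-long sample produces no response at all.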