Hi,

It seems the DTLS heartbeat extension is still supported in current OpenSSL versions (at least that's my impression while playing around with `s_server` with verbose debug logging).

I've talked extensively to cryptographers and implementors about this extension, and I'm not aware of a single use case of DTLS heartbeats. WebRTC applications are probably not going to rely on DTLS to manage /something like/ heartbeats but will manage that on an application level. As far as I know, most WebRTC clients do exactly that.

Going through your RT I could not find an appropriate bug filed for the removal of this -- rather unnecessary -- extension (I'm sure there has been discussion previously, but opening a bug seems reasonable). Please correct me if I'm wrong.

Since the feature is in there, it might make more sense to have a compile-time option to _enable_ DTLS heartbeats rather than to disable them (which a lot of hosting companies and CDNs do right now).

Thanks for your consideration and time,
Aaron
_______________________________________________
openssl-dev mailing list
openssl-dev@openssl.org
https://mta.openssl.org/mailman/listinfo/openssl-dev