With  an "intentionally corrupted" tls1_heartbeat() in Openssl 1.0.2l, heart 
beat requests with big payloads such as 16300 or slightly more can be 
repeatedly sent to the server. 

The server, religiously responds back with such big payloads after spending its 
cpu on encrypting/HMAC computing on the payload in the heartbeat response 

I confirmed the above with s_server/s_client.

The RFC doesn't say anything about this possible exploit/DOS attack.
The RFC also allows such big payloads. 

While such payloads might be meeting some requirement (PMTU computation ?),, 
the frequency of such big messages (continuous repeats) must certainly be 

I see that this extn is disabled in openssl-master but I could see that some 
servers (eg yahoo) do respond to heartbeat requests which means that they are 
running some ssl implementation (probably Openssl) which is vulnerable to 
continuous repeated big HB requests.

Is the problem mentioned above a problem indeed or I am missing something ?

Could the solution be a restricted count of HB requests along with a timer? 


openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Reply via email to