The purpose of the HEARTBEAT message is for DTLS applications to determine the 
maximum packet size and tune the application records accordingly. There is 
never any reason to use this in TCP-based TLS; that was an OpenSSL bug that 
enabled it there.

The usefulness of HEARTBEAT even in DTLS is probably pretty small and it is 
probably safer to just turn it off. Spending time and code to “protect it” is 
probably not worth the effort.

openssl-dev mailing list
To unsubscribe:

Reply via email to