thanks Hanno and Rich. -------------------------------------------- On Tue, 12/5/17, Hanno Böck <[email protected]> wrote:
Subject: Re: [openssl-dev] frequency and size of heartbeat requests To: [email protected] Cc: "Jitendra Lulla" <[email protected]> Date: Tuesday, December 5, 2017, 9:59 PM On Tue, 5 Dec 2017 19:14:41 +0000 (UTC) Jitendra Lulla via openssl-dev <[email protected]> wrote: > Could the solution be a restricted count of HB requests along with a > timer? No, the solution is to disable TLS heartbeats. I actually wanted to bring this up when I recently noticed that OpenSSL still enables the heartbeat extension by default in every clienthello it sends. In the whole Heartbleed aftermath nobody was ever able to tell me where TLS Heartbeats are used. It's a feature in order to have a feature. -- Hanno Böck https://hboeck.de/ mail/jabber: [email protected] GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
