In the particular application where I used both TLS and DTLS, application-layer heartbeats were used, and it gave the app visibility into the connection status.
I agree, TLS/DTLS Heartbeats aren’t very useful. -- -Todd Short // tsh...@akamai.com<mailto:tsh...@akamai.com> // "One if by land, two if by sea, three if by the Internet." On Dec 5, 2017, at 2:21 PM, Salz, Rich via openssl-dev <openssl-dev@openssl.org<mailto:openssl-dev@openssl.org>> wrote: The purpose of the HEARTBEAT message is for DTLS applications to determine the maximum packet size and tune the application records accordingly. There is never any reason to use this in TCP-based TLS; that was an OpenSSL bug that enabled it there. The usefulness of HEARTBEAT even in DTLS is probably pretty small and it is probably safer to just turn it off. Spending time and code to “protect it” is probably not worth the effort. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev