Re: [openssl-dev] frequency and size of heartbeat requests
On Tue, 5 Dec 2017 19:21:50 + "Salz, Rich via openssl-dev" wrote:

> There is never any reason to use this in TCP-based TLS;
> that was an OpenSSL bug that enabled it there.

I opened an issue for this bug, so it can be fixed:
https://github.com/openssl/openssl/issues/4856

--
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Re: [openssl-dev] frequency and size of heartbeat requests
Thanks Hanno and Rich.

On Tue, 12/5/17, Hanno Böck <ha...@hboeck.de> wrote:

Subject: Re: [openssl-dev] frequency and size of heartbeat requests
To: openssl-dev@openssl.org
Cc: "Jitendra Lulla" <lull...@yahoo.com>
Date: Tuesday, December 5, 2017, 9:59 PM

On Tue, 5 Dec 2017 19:14:41 + (UTC) Jitendra Lulla via openssl-dev <openssl-dev@openssl.org> wrote:

> Could the solution be a restricted count of HB requests along with a
> timer?

No, the solution is to disable TLS heartbeats.

I actually wanted to bring this up when I recently noticed that OpenSSL
still enables the heartbeat extension by default in every clienthello
it sends.

In the whole Heartbleed aftermath nobody was ever able to tell me where
TLS Heartbeats are used. It's a feature in order to have a feature.

--
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
Re: [openssl-dev] frequency and size of heartbeat requests
On Tue, 5 Dec 2017 19:14:41 + (UTC) Jitendra Lulla via openssl-dev wrote:

> Could the solution be a restricted count of HB requests along with a
> timer?

No, the solution is to disable TLS heartbeats.

I actually wanted to bring this up when I recently noticed that OpenSSL
still enables the heartbeat extension by default in every clienthello
it sends.

In the whole Heartbleed aftermath nobody was ever able to tell me where
TLS Heartbeats are used. It's a feature in order to have a feature.

--
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
Re: [openssl-dev] frequency and size of heartbeat requests
The purpose of the HEARTBEAT message is for DTLS applications to determine the maximum packet size and tune the application records accordingly. There is never any reason to use this in TCP-based TLS; that was an OpenSSL bug that enabled it there.

The usefulness of HEARTBEAT even in DTLS is probably pretty small and it is probably safer to just turn it off. Spending time and code to “protect it” is probably not worth the effort.
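
An added example, not code from this thread or from OpenSSL: a Python check that parses a ClientHello record and reports whether it offers the heartbeat extension (type 15, RFC 6520), which is one way to verify the default behaviour mentioned in the thread. The function names are hypothetical, the sample bytes are constructed, and it assumes the ClientHello fits in a single TLS record.

```python
from typing import Optional
HEARTBEAT_EXT = 15  # extension type assigned by RFC 6520
MODES = {1: "peer_allowed_to_send", 2: "peer_not_allowed_to_send"}

class Reader:
    """Bounds-checked cursor over a byte string."""
    def __init__(self, data: bytes):
        self.data, self.pos = data, 0
    def take(self, n: int) -> bytes:
        if self.pos + n > len(self.data):
            raise ValueError("truncated ClientHello")
        self.pos += n
        return self.data[self.pos - n:self.pos]
    def uint(self, n: int) -> int:
        return int.from_bytes(self.take(n), "big")
    def vector(self, len_bytes: int) -> bytes:
        return self.take(self.uint(len_bytes))

def heartbeat_mode(record: bytes) -> Optional[str]:
    """Return the HeartbeatMode a ClientHello offers, or None if absent."""
    rec = Reader(record)
    if rec.uint(1) != 22:                 # ContentType handshake
        raise ValueError("not a handshake record")
    rec.take(2)                           # record-layer version
    hs = Reader(rec.vector(2))
    if hs.uint(1) != 1:                   # HandshakeType client_hello
        raise ValueError("not a ClientHello")
    body = Reader(hs.vector(3))
    body.take(2 + 32)                     # client_version + random
    body.vector(1)                        # session_id
    body.vector(2)                        # cipher_suites
    body.vector(1)                        # compression_methods
    if body.pos == len(body.data):        # no extensions block at all
        return None
    exts = Reader(body.vector(2))
    while exts.pos < len(exts.data):
        ext_type, ext_data = exts.uint(2), exts.vector(2)
        if ext_type == HEARTBEAT_EXT:
            if len(ext_data) != 1:
                raise ValueError("malformed heartbeat extension")
            return MODES.get(ext_data[0], "unknown(%d)" % ext_data[0])
    return None

def sample_hello(ext_blob: bytes) -> bytes:
    """Constructed ClientHello record (not captured traffic)."""
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\xc0\x2f"
            + b"\x01\x00" + len(ext_blob).to_bytes(2, "big") + ext_blob)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs
```

A return value of `None` means the client did not offer heartbeats at all; either mode string means the extension is still being advertised.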