On 13 Apr 2014, at 12:25 PM, Hanno Böck <ha...@hboeck.de> wrote:

> I wasn't really sure where to ask this, but I think this list is
> appropriate.
>
> While having read so much about heartbleed, one question stays
> unanswered for me all the time:
> What's the use of this heartbeat extension? I mean not the theoretical
> use (I can imagine that) but the use in practice.
>
> Is there any software out there that does anything with heartbeat? And
> more specifically: If there is, is it using TCP or UDP?
The RFC answers this: https://tools.ietf.org/html/rfc6520

1.1. Overview

This document describes the Heartbeat Extension for the Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) protocols, as defined in [RFC5246] and [RFC6347] and their adaptations to specific transport protocols described in [RFC3436], [RFC5238], and [RFC6083].

DTLS is designed to secure traffic running on top of unreliable transport protocols. Usually, such protocols have no session management. The only mechanism available at the DTLS layer to figure out if a peer is still alive is a costly renegotiation, particularly when the application uses unidirectional traffic. Furthermore, DTLS needs to perform path MTU (PMTU) discovery but has no specific message type to realize it without affecting the transfer of user messages.

TLS is based on reliable protocols, but there is not necessarily a feature available to keep the connection alive without continuous data transfer.

The Heartbeat Extension as described in this document overcomes these limitations. The user can use the new HeartbeatRequest message, which has to be answered by the peer with a HeartbeatResponse immediately. To perform PMTU discovery, HeartbeatRequest messages containing padding can be used as probe packets, as described in [RFC4821].

Regards,
Graham

--
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
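The two uses the RFC overview names (a keep-alive and a padded PMTU probe) come down to one message format, described in section 4 of RFC 6520: a one-byte type, a two-byte big-endian payload_length, the payload, and at least 16 bytes of padding whose length is whatever is left in the record. The example below, written for this page and not taken from OpenSSL or from the thread, builds both kinds of HeartbeatRequest and answers them with a HeartbeatResponse. The function names, the fixed padding byte and the scenario inputs ("ping", a two-byte sequence number, a 1400-byte probe) are all constructed for illustration. The responder includes the bound that Heartbleed lacked: payload_length comes from the peer and is checked against the bytes actually received before anything is echoed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* RFC 6520 section 4 wire format, carried inside one TLS/DTLS record:
 *   type (1 byte) | payload_length (2 bytes, big-endian) | payload | padding
 * padding_length is implied (record length - 3 - payload_length) and MUST be >= 16. */
enum { HB_REQUEST = 1, HB_RESPONSE = 2 };
#define HB_HEADER_LEN  3
#define HB_MIN_PADDING 16

/* Serialise a heartbeat message. Returns bytes written, or -1 if the padding
 * rule would be violated or the output buffer is too small. A larger pad_len
 * turns a request into a PMTU probe of exactly HB_HEADER_LEN+payload_len+pad_len bytes. */
static int hb_build(uint8_t type, const uint8_t *payload, uint16_t payload_len,
                    size_t pad_len, uint8_t *out, size_t out_cap)
{
    size_t total = HB_HEADER_LEN + payload_len + pad_len;
    if (pad_len < HB_MIN_PADDING || total > out_cap)
        return -1;
    out[0] = type;
    out[1] = (uint8_t)(payload_len >> 8);
    out[2] = (uint8_t)(payload_len & 0xff);
    memcpy(out + HB_HEADER_LEN, payload, payload_len);
    /* The RFC asks for random padding; a fixed byte keeps this example deterministic. */
    memset(out + HB_HEADER_LEN + payload_len, 0xAA, pad_len);
    return (int)total;
}

/* Answer one received heartbeat record. Returns the length of the
 * HeartbeatResponse written to out, 0 when the record must be silently
 * discarded (RFC 6520 section 4), or -1 if out is too small.
 * payload_length is attacker-controlled: it is bounded by the bytes actually
 * received, never trusted as the amount to copy back (the Heartbleed defect). */
static int hb_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return 0;
    uint16_t payload_len = (uint16_t)((rec[1] << 8) | rec[2]);
    if ((size_t)payload_len + HB_HEADER_LEN + HB_MIN_PADDING > rec_len)
        return 0;                       /* claimed payload does not fit: discard */
    if (rec[0] != HB_REQUEST)
        return 0;                       /* responses are matched by their sender, never echoed */
    return hb_build(HB_RESPONSE, rec + HB_HEADER_LEN, payload_len,
                    HB_MIN_PADDING, out, out_cap);
}

/* Scenario: keep-alive with a constructed 4-byte payload. Returns the response
 * length (23 = 3 + 4 + 16) if the peer echoed the payload, else -1. */
static int demo_keepalive(void)
{
    uint8_t req[64], resp[64];
    int n = hb_build(HB_REQUEST, (const uint8_t *)"ping", 4, HB_MIN_PADDING, req, sizeof req);
    int r = hb_respond(req, (size_t)n, resp, sizeof resp);
    if (r != n || resp[0] != HB_RESPONSE || memcmp(resp + HB_HEADER_LEN, "ping", 4) != 0)
        return -1;
    return r;
}

/* Scenario: PMTU probe of probe_size bytes, padding carrying the size and a
 * constructed 2-byte sequence number as payload. Returns probe_size if the probe
 * was well-formed and answered, else -1 (too small for 16 bytes of padding, or too large). */
static int demo_pmtu_probe(size_t probe_size)
{
    uint8_t req[2048], resp[2048];
    const uint8_t seq[2] = { 0x00, 0x07 };
    int n = hb_build(HB_REQUEST, seq, sizeof seq,
                     probe_size - HB_HEADER_LEN - sizeof seq, req, sizeof req);
    if (n < 0)
        return -1;
    int r = hb_respond(req, (size_t)n, resp, sizeof resp);
    return r > 0 ? n : -1;
}

/* Scenario: a 23-byte record whose header claims 65535 payload bytes.
 * Returns 0: the responder discards it instead of reading past the record. */
static int demo_oversized_claim(void)
{
    uint8_t req[64], resp[64];
    int n = hb_build(HB_REQUEST, (const uint8_t *)"ping", 4, HB_MIN_PADDING, req, sizeof req);
    req[1] = 0xff;
    req[2] = 0xff;
    return hb_respond(req, (size_t)n, resp, sizeof resp);
}

int main(void)
{
    printf("keep-alive response: %d bytes\n", demo_keepalive());
    printf("1400-byte PMTU probe answered: %d\n", demo_pmtu_probe(1400));
    printf("oversized payload_length claim: %d (discarded)\n", demo_oversized_claim());
    return 0;
}
```

Two points the RFC text leaves implicit are visible here: the response is not a mirror of the probe (the responder only needs 16 bytes of padding, so a 1400-byte probe gets a 21-byte answer, and it is the probe's arrival, not the reply's size, that tells the sender the path carried 1400 bytes), and the only per-message state either side needs is the payload, which the RFC intends to be a sequence number so a sender can tell which request a late response belongs to.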