openssl: disable HEARTBEAT TLS extension

Microsoft's IIS doesn't support it, and is not replying with ServerHello after receiving ClientHello which contains it. The good way might be allowing to opt-out this at runtime from javascript-land, but unfortunately OpenSSL doesn't support it right now. see nodejs#5119
davepacheco · Mar 27, 2013 · 28c6e42 · 28c6e42
1 parent f0b6889
commit 28c6e42
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/deps/openssl/openssl.gyp b/deps/openssl/openssl.gyp
@@ -16,7 +16,13 @@
         # No clue what these are for.
         'L_ENDIAN',
         'PURIFY',
-        '_REENTRANT'
+        '_REENTRANT',
+
+        # Heartbeat is a TLS extension, that couldn't be turned off or
+        # asked to be not advertised. Unfortunately this is unacceptable for
+        # Microsoft's IIS, which seems to be ignoring whole ClientHello after
+        # seeing this extension.
+        'OPENSSL_NO_HEARTBEATS',
       ],
       'sources': [
         'openssl/ssl/bio_ssl.c',