Can we drop support for TLS heartbeating? #187

Closed
randombit opened this Issue Jul 9, 2015 · 0 comments

@randombit
Owner

It adds complexity to the main TLS protocol flows and so introduces risks, potentially even in applications which have it turned off (the default). The general consensus post-Heartbleed seems to be that PMTU discovery and connection heartbeating should be done by the application instead. Should we follow that and remove the following APIs on TLS::Channel

```cpp
bool peer_supports_heartbeats() const;
bool heartbeat_sending_allowed() const;
void heartbeat(const byte payload[], size_t payload_size, size_t pad_bytes = 0);
void heartbeat() { heartbeat(nullptr, 0); }
```

and all support for negotiating, sending or processing heartbeat messages? Is there a compelling reason to keep the heartbeat extension?

randombit added a commit that referenced this issue Oct 19, 2015
Remove heartbeat support from TLS. GH #187 ec50e0c
randombit closed this Feb 7, 2016