Re: [openssl.org #3301] [PATCH] Silently discard too long heartbeat messages per RFC 6520
Presumably this restriction is already enforced at the record level for
all message types?
On 11/04/2014 9:43 PM, Erik Auerswald via RT wrote:
> RFC 6520, section 4 states that
> "The total length of a HeartbeatMessage MUST NOT exceed 2^14 or
> max_fragment_length when negotiated as defined in [RFC6066]."
> "If the payload_length of a received HeartbeatMessage is too large,
> the received HeartbeatMessage MUST be discarded silently."
> The attached patch against git adds a check to silently discard heartbeat
> messages longer than 2^14 bytes.
> The max_fragment_length negotiation is not allowed to increase
> this value. RFC 6066 allows 2^9, 2^10, 2^11, or 2^12 as negotiated
> max_fragment_length values.
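Both RFC 6520 rules quoted above, as an added C example (not the attached patch and not OpenSSL's own code): the total message length is capped at 2^14, a negotiated max_fragment_length can only lower that cap, and a payload_length that claims more bytes than the message actually carries (after the 3-byte header and the 16-byte minimum padding) is discarded silently. The hb_check/hb_check_sample names and the constructed sample messages are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_MAX_TOTAL_LEN (1u << 14) /* RFC 6520 section 4: total length MUST NOT exceed 2^14 */
#define HB_MIN_PADDING   16u        /* RFC 6520: padding is at least 16 bytes */
#define HB_HEADER_LEN    3u         /* type (1 byte) + payload_length (2 bytes) */

enum hb_verdict { HB_ACCEPT = 0, HB_DISCARD = 1 };

/* Effective cap: 2^14, lowered (never raised) by a negotiated max_fragment_length.
 * RFC 6066 only allows 2^9..2^12 there; 0 means "not negotiated". */
size_t hb_effective_cap(size_t negotiated_max_fragment_length)
{
    if (negotiated_max_fragment_length != 0 &&
        negotiated_max_fragment_length < HB_MAX_TOTAL_LEN)
        return negotiated_max_fragment_length;
    return HB_MAX_TOTAL_LEN;
}

/* Validate a received HeartbeatMessage of 'len' bytes; HB_DISCARD means drop silently. */
enum hb_verdict hb_check(const uint8_t *msg, size_t len, size_t negotiated_max_fragment_length)
{
    size_t cap = hb_effective_cap(negotiated_max_fragment_length);
    uint16_t payload_length;

    if (msg == NULL || len < HB_HEADER_LEN + HB_MIN_PADDING)
        return HB_DISCARD;               /* cannot even hold header + minimum padding */
    if (len > cap)
        return HB_DISCARD;               /* total length exceeds 2^14 / max_fragment_length */
    if (msg[0] != 1 && msg[0] != 2)
        return HB_DISCARD;               /* neither heartbeat_request nor heartbeat_response */
    payload_length = (uint16_t)((msg[1] << 8) | msg[2]);
    /* payload_length "too large": claims more payload than the message carries */
    if ((size_t)payload_length > len - HB_HEADER_LEN - HB_MIN_PADDING)
        return HB_DISCARD;
    return HB_ACCEPT;
}

/* Constructed sample (not real traffic): a heartbeat_request of 'total_len' bytes
 * whose payload_length field claims 'claimed' bytes, run through hb_check. */
enum hb_verdict hb_check_sample(size_t total_len, uint16_t claimed, size_t negotiated)
{
    static uint8_t buf[HB_MAX_TOTAL_LEN + 64];
    if (total_len > sizeof(buf))
        return HB_DISCARD;
    memset(buf, 0xAB, total_len);        /* filler payload/padding bytes */
    buf[0] = 1;                          /* heartbeat_request */
    buf[1] = (uint8_t)(claimed >> 8);
    buf[2] = (uint8_t)(claimed & 0xff);
    return hb_check(buf, total_len, negotiated);
}
```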