Is openssl sending heartbeat response packets during the handshake, and if so, should it be sending them during the handshake?
The heartbleed web site indicates that openssl is responding to heartbeat requests during the handshake. http://heartbleed.com/ "... heartbeat request can be sent and is replied to during the handshake phase of the protocol. " But RFC6520 clause 3 seems to indicate that heartbeat request packets should not be sent or responded to during the handshake. https://tools.ietf.org/html/rfc6520 " However, a HeartbeatRequest message SHOULD NOT be sent during handshakes. If a handshake is initiated while a HeartbeatRequest is still in flight, the sending peer MUST stop the DTLS retransmission timer for it. The receiving peer SHOULD discard the message silently, if it arrives during the handshake. In case of DTLS, HeartbeatRequest messages from older epochs SHOULD be discarded." **The receiving peer SHOULD discard the message silently, if it arrives during the handshake.** Transmission of heartbeat request packets already seems to have a check to prevent transmission during the handshake... -- <ssl/t1_lib.c> tls1_heartbeat() and <ssl/d1_both.c> dtls1_heartbeat() already have a check for "... and no handshake in progress". Does receive need a similar check in <ssl/t1_lib.c> tls1_process_heartbeat() and <ssl/d1_both.c> dtls1_process_heartbeat()? Or is there a similar check already made elsewhere in the code?