Hi Erik,

Presumably this restriction is already enforced at the record level for
all message types?

Regards,
Pete Dettman

On 11/04/2014 9:43 PM, Erik Auerswald via RT wrote:
> RFC 6520, section 4 states that
>
>   "The total length of a HeartbeatMessage MUST NOT exceed 2^14 or
>    max_fragment_length when negotiated as defined in [RFC6066]."
>
> and
>
>   "If the payload_length of a received HeartbeatMessage is too large,
>    the received HeartbeatMessage MUST be discarded silently."
>
> The attached patch against git adds a check to silently discard heartbeat
> messages longer than 2^14 bytes.
>
> The max_fragment_length negotiation is not allowed to increase
> this value. RFC 6066 allows 2^9, 2^10, 2^11, or 2^12 as negotiated
> max_fragment_length values.
>
> Thanks,
> Erik
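
The two RFC 6520 rules quoted in this thread, written out as a stand-alone receive-side check. This is an added example, not the attached patch and not OpenSSL code; the names `hb_check`, `hb_limit` and the `HB_*` constants are hypothetical, and it assumes the caller passes one complete HeartbeatMessage plus the negotiated max_fragment_length (0 when none was negotiated).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HB_MAX_TOTAL   16384u /* 2^14, RFC 6520 section 4 */
#define HB_HEADER_LEN  3u     /* type (1 byte) + payload_length (2 bytes) */
#define HB_MIN_PADDING 16u    /* RFC 6520: padding is at least 16 bytes */

enum hb_result { HB_DISCARD = 0, HB_ACCEPT = 1 };

/* Effective size limit. RFC 6066 permits only 2^9..2^12, so a negotiated
 * max_fragment_length can lower the limit but never raise it above 2^14.
 * Assumption: any other value (including 0) means "not negotiated". */
static size_t hb_limit(size_t negotiated)
{
    switch (negotiated) {
    case 512: case 1024: case 2048: case 4096:
        return negotiated;
    default:
        return HB_MAX_TOTAL;
    }
}

/* msg/msg_len: one complete HeartbeatMessage as delivered by the record layer.
 * HB_DISCARD means "drop silently": no alert and no response is sent. */
enum hb_result hb_check(const uint8_t *msg, size_t msg_len, size_t negotiated,
                        const uint8_t **payload, size_t *payload_len)
{
    size_t plen;
    if (msg == NULL || msg_len < HB_HEADER_LEN + HB_MIN_PADDING)
        return HB_DISCARD;                 /* too short to be well-formed */
    if (msg_len > hb_limit(negotiated))
        return HB_DISCARD;                 /* total length over the limit */
    plen = ((size_t)msg[1] << 8) | msg[2]; /* claimed payload_length */
    if (plen > msg_len - HB_HEADER_LEN - HB_MIN_PADDING)
        return HB_DISCARD;                 /* claim exceeds bytes received */
    *payload = msg + HB_HEADER_LEN;
    *payload_len = plen;
    return HB_ACCEPT;
}

int main(void)
{
    /* Constructed sample: 24-byte message whose header claims 16384 bytes. */
    uint8_t msg[24] = { 1, 0x40, 0x00 };
    const uint8_t *p = NULL;
    size_t n = 0;
    printf("%s\n", hb_check(msg, sizeof msg, 0, &p, &n) ? "accept" : "discard");
    return 0;
}
```
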