[stunnel-users] Syringe

Michal Trojnara Michal.Trojnara at mirt.net
Mon Apr 21 23:39:01 CEST 2014


On 2014-04-21 23:11, Javier wrote:
> thanks for the tool. No one of my important apps are vulnerable so
> let's hope I'm safe.
>
> But the question here is... why implement a response to a HeartBeat,
> what's actually a keep-alive message, in a client?
>
> It's beyond my imagination :-?
>
> Usually are clients who want to keep alive the connection, not
> servers, that try to finish connections as soon as possible.

I can imagine some scenarios that might benefit from server-generated
heartbeat requests.  For example a server might use heartbeats to detect
dead clients and free its resources.

It is even more useful for DTLS, as TLS might use TCP keepalive in order
to get similar functionality (although without cryptographic integrity
protection).

Also, finishing connections as soon as possible is only a good idea for
some protocols.  For example WebSocket, IRC or SSH connections were
specifically designed to remain open for prolonged periods of time.

Mike

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20140421/b574a37e/attachment.sig>


More information about the stunnel-users mailing list