So, about Heartbleed again, why does SSL/TLS allow the client to specify the message and its length in the heartbeat requests, rather than sending a simple ping?
1 Answer
2
Heartbeat requests are intended for use with connectionless SSL over UDP. A simple ping tells you only that the computer at the other end is up (or not); by including a payload, a program can associate heartbeat requests with specific transactions, detect dropped or out-of-order replies, and do other things that a simple "are you there?" can't do.
That said, I suspect the real reason that heartbeat requests have a payload is that they were modeled on ICMP "echo" requests, without understanding why ICMP echo permits a payload. The ICMP echo payload is intended for low-level network troubleshooting.
Mark
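The payload echo described in the answer above, as an added example that is not part of the original answer and is not OpenSSL's code. It assumes the RFC 6520 message layout (1-byte type, 2-byte payload length, payload, at least 16 bytes of padding); the names `hb_respond` and `hb_matches` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HB_REQUEST  1   /* heartbeat_request, RFC 6520 */
#define HB_RESPONSE 2   /* heartbeat_response, RFC 6520 */
#define HB_MIN_PAD  16  /* RFC 6520: padding is at least 16 bytes */

/* Responder side (hypothetical helper): build a reply for one received message.
 * rec/rec_len are the bytes actually received: type, length, payload, padding.
 * Returns the reply length, or 0 when the message must be silently discarded. */
size_t hb_respond(const uint8_t *rec, size_t rec_len, uint8_t *out, size_t out_cap)
{
    if (rec_len < 1 + 2 + HB_MIN_PAD)
        return 0;                       /* too short for header plus padding */
    if (rec[0] != HB_REQUEST)
        return 0;

    size_t claimed = ((size_t)rec[1] << 8) | rec[2];   /* sender-declared length */

    /* The declared payload length must fit inside what was actually received,
     * leaving room for the padding. Heartbleed was the absence of this check. */
    if (1 + 2 + claimed + HB_MIN_PAD > rec_len)
        return 0;

    size_t resp_len = 1 + 2 + claimed + HB_MIN_PAD;
    if (resp_len > out_cap)
        return 0;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + 3, rec + 3, claimed);          /* echo exactly the payload */
    /* RFC 6520 asks for random padding; zeros keep this example deterministic. */
    memset(out + 3 + claimed, 0, HB_MIN_PAD);
    return resp_len;
}

/* Requester side (hypothetical helper): a reply is tied to its request by
 * comparing payloads, which is how dropped or out-of-order replies show up. */
int hb_matches(const uint8_t *resp, size_t resp_len,
               const uint8_t *sent, size_t sent_len)
{
    if (resp_len < 3 + sent_len + HB_MIN_PAD || resp[0] != HB_RESPONSE)
        return 0;
    size_t claimed = ((size_t)resp[1] << 8) | resp[2];
    return claimed == sent_len && memcmp(resp + 3, sent, sent_len) == 0;
}
```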