查看文章

Several vulnerabilities were detected in the open SSL connection versions 1.0.1 and 1.0.1f. Usually, in the previous versions of SSL/TLS, once an SSL connection is established between a client and a server, the connection will stay until the client or server is idle for a certain amount of time, after which the connection will be dropped. The idea of keeping the session connected was proposed in 2012. The initial idea introduced Heartbeat Messages that are indirectly called “keep alive packets”. These “keep alive packets” or “heartbeat packets” are transmitted in between client and server when the SSL session is ideal for a certain amount of time. Regarding “keep alive packets” or “heartbeat packets” mechanisms, these packets are stored in the same memory in which most sensitive information of the client and server is stored. When it is one of the peer's turn to return the heartbeat message, that peer takes the …