init

author Georgios Kontaxis <redacted>

Tue, 16 Feb 2016 02:37:07 +0000 (21:37 -0500)

committer Georgios Kontaxis <redacted>

Tue, 16 Feb 2016 02:37:07 +0000 (21:37 -0500)
author Georgios Kontaxis <redacted>
Tue, 16 Feb 2016 02:37:07 +0000 (21:37 -0500)
committer Georgios Kontaxis <redacted>
Tue, 16 Feb 2016 02:37:07 +0000 (21:37 -0500)
diff --git a/README.md b/README.md

new file mode 100644 (file)

index 0000000..1bc422c
--- /dev/null
+++ b/README.md
@@ -0,0 +1,16 @@
+# TLS Heartbleed Early
+This program sends an SSL 3 ClientHello message with the Heartbeat
+extension and immediately requests a heartbeat from the server without
+completing the TLS handshake.
+
+RFC 5246 states that "a HeartbeatRequest message SHOULD NOT be sent during
+handshakes. If a handshake is initiated while a HeartbeatRequest is still
+in flight, the sending peer MUST stop the DTLS retransmission timer for it.
+The receiving peer SHOULD discard the message silently, if it arrives
+during the handshake."
+
+However, servers linked to OpenSSL 1.0.1f will respond to such early
+heartbeat requests. This makes them vulnerable to Heartbleed even if
+they require client-side certificates to complete the TLS handshake.
+Had OpenSSL correctly implemented the RFC this would not have been an
+issue.
author	Georgios Kontaxis <redacted>
	Tue, 16 Feb 2016 02:37:07 +0000 (21:37 -0500)
committer	Georgios Kontaxis <redacted>
	Tue, 16 Feb 2016 02:37:07 +0000 (21:37 -0500)