From 28c6e42ee761b1c55cafd188aa49a174963d43df Mon Sep 17 00:00:00 2001
From: Fedor Indutny
Date: Tue, 26 Mar 2013 22:33:14 +0400
Subject: [PATCH] openssl: disable HEARTBEAT TLS extension

Microsoft's IIS doesn't support it, and is not replying with ServerHello after receiving ClientHello which contains it. The good way might be allowing to opt-out this at runtime from javascript-land, but unfortunately OpenSSL doesn't support it right now. see #5119
---
 deps/openssl/openssl.gyp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/deps/openssl/openssl.gyp b/deps/openssl/openssl.gyp
index 0b08ecdf5d6..77af4de8de5 100644
--- a/deps/openssl/openssl.gyp
+++ b/deps/openssl/openssl.gyp
@@ -16,7 +16,13 @@
 # No clue what these are for.
 'L_ENDIAN',
 'PURIFY',
- '_REENTRANT'
+ '_REENTRANT',
+
+ # Heartbeat is a TLS extension, that couldn't be turned off or
+ # asked to be not advertised. Unfortunately this is unacceptable for
+ # Microsoft's IIS, which seems to be ignoring whole ClientHello after
+ # seeing this extension.
+ 'OPENSSL_NO_HEARTBEATS',
 ],
 'sources': [
 'openssl/ssl/bio_ssl.c',
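Review bot: The new `'OPENSSL_NO_HEARTBEATS'` entry only takes effect for the OpenSSL copy built from `deps/openssl/openssl.gyp`, and the added comment does not say so; a build linked against an external OpenSSL would presumably still advertise the extension and still compile in the heartbeat message handling. I would state the scope and the tracking issue in the comment, e.g. `# Compile out TLS Heartbeat (no runtime switch in OpenSSL; IIS drops a ClientHello carrying it, see #5119).` followed by `# Applies to the bundled OpenSSL only; client and server roles both lose the extension.` The list this entry joins opens above the hunk, so whether the define also reaches code that includes the OpenSSL headers from outside this target cannot be confirmed from here.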