openssl: disable HEARTBEAT TLS extension

Microsoft's IIS doesn't support it, and is not replying with ServerHello after receiving ClientHello which contains it. The good way might be allowing to opt-out this at runtime from javascript-land, but unfortunately OpenSSL doesn't support it right now. see #5119
2013-03-26 22:33:14 +04:00 · 2013-03-26 22:33:14 +04:00 · 28c6e42ee7
parent f0b68892d4
commit 28c6e42ee7
1 changed files with 7 additions and 1 deletions
--- a/deps/openssl/openssl.gyp
+++ b/deps/openssl/openssl.gyp
@ -16,7 +16,13 @@
        # No clue what these are for.
        'L_ENDIAN',
        'PURIFY',
-        '_REENTRANT'
+        '_REENTRANT',
+
+        # Heartbeat is a TLS extension, that couldn't be turned off or
+        # asked to be not advertised. Unfortunately this is unacceptable for
+        # Microsoft's IIS, which seems to be ignoring whole ClientHello after
+        # seeing this extension.
+        'OPENSSL_NO_HEARTBEATS',
      ],
      'sources': [
        'openssl/ssl/bio_ssl.c',