TLS heartbeat extension (later deprecated)
E698189
The TLS heartbeat extension was a Transport Layer Security protocol feature designed to keep secure connections alive and test reachability, later becoming widely known for the critical Heartbleed vulnerability that led to its deprecation.
All labels observed (1)
| Label | Occurrences |
|---|---|
| TLS heartbeat extension (later deprecated) canonical | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T7928876 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: TLS heartbeat extension (later deprecated) Context triple: [TLS Working Group, responsibleFor, TLS heartbeat extension (later deprecated)]
-
A.
TLS 1.2
TLS 1.2 is a widely deployed version of the Transport Layer Security protocol that provides encrypted and authenticated communication over computer networks.
-
B.
ServerHello with extensions
ServerHello with extensions is a TLS handshake message variant that allows a server to include additional extension data to negotiate optional protocol features and capabilities with a client.
-
C.
TLS 1.1
TLS 1.1 is an older version of the Transport Layer Security protocol that improved upon earlier SSL standards but has since been deprecated in favor of more secure versions like TLS 1.2 and 1.3.
-
D.
TLS 1.2 Finished message
The TLS 1.2 Finished message is the protocol’s final handshake message that proves both parties share the same session keys and that the preceding handshake messages have not been tampered with.
-
E.
Server Name Indication extension
The Server Name Indication (SNI) extension is a TLS protocol feature that allows a client to indicate the hostname it is trying to connect to at the start of the handshake so that the server can present the correct certificate for virtual hosting.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: TLS heartbeat extension (later deprecated) Target entity description: The TLS heartbeat extension was a Transport Layer Security protocol feature designed to keep secure connections alive and test reachability, later becoming widely known for the critical Heartbleed vulnerability that led to its deprecation.
-
A.
TLS 1.2
TLS 1.2 is a widely deployed version of the Transport Layer Security protocol that provides encrypted and authenticated communication over computer networks.
-
B.
ServerHello with extensions
ServerHello with extensions is a TLS handshake message variant that allows a server to include additional extension data to negotiate optional protocol features and capabilities with a client.
-
C.
TLS 1.1
TLS 1.1 is an older version of the Transport Layer Security protocol that improved upon earlier SSL standards but has since been deprecated in favor of more secure versions like TLS 1.2 and 1.3.
-
D.
TLS 1.2 Finished message
The TLS 1.2 Finished message is the protocol’s final handshake message that proves both parties share the same session keys and that the preceding handshake messages have not been tampered with.
-
E.
Server Name Indication extension
The Server Name Indication (SNI) extension is a TLS protocol feature that allows a client to indicate the hostname it is trying to connect to at the start of the handshake so that the server can present the correct certificate for virtual hosting.
- F. None of above. chosen
Statements (47)
| Predicate | Object |
|---|---|
| instanceOf |
TLS protocol extension
ⓘ
network protocol feature ⓘ |
| abbreviation | TLS heartbeat ⓘ |
| appliesTo |
client
ⓘ
server ⓘ |
| associatedCVE | CVE-2014-0160 ⓘ |
| associatedVulnerability | Heartbleed NERFINISHED ⓘ |
| consequence | widespread security incident in 2014 ⓘ |
| definedIn | RFC 6520 NERFINISHED ⓘ |
| designGoal |
avoid TCP-level keep-alives for TLS
ⓘ
lightweight keep-alive mechanism ⓘ |
| effectOfDeprecation | rarely enabled on modern secure deployments ⓘ |
| hasField |
padding
ⓘ
payload ⓘ payload length ⓘ |
| hasPurpose |
keep TLS connections alive
ⓘ
reduce need for renegotiation of TLS sessions ⓘ test peer reachability ⓘ |
| introducedFor |
DTLS 1.0
NERFINISHED
ⓘ
DTLS 1.2 NERFINISHED ⓘ TLS 1.0 NERFINISHED ⓘ TLS 1.1 NERFINISHED ⓘ TLS 1.2 NERFINISHED ⓘ |
| layer | transport layer ⓘ |
| ledTo |
changes in operational security practices
ⓘ
increased scrutiny of TLS implementations ⓘ revocation and reissuance of many TLS certificates ⓘ |
| messageDirection | bidirectional ⓘ |
| messageType |
HeartbeatRequest
ⓘ
HeartbeatResponse ⓘ |
| negotiatedVia | TLS extension mechanism ⓘ |
| notableImplementation | OpenSSL NERFINISHED ⓘ |
| notableImplementationBug | OpenSSL Heartbleed bug NERFINISHED ⓘ |
| partOf | Transport Layer Security NERFINISHED ⓘ |
| protocolFamily |
DTLS
NERFINISHED
ⓘ
TLS NERFINISHED ⓘ |
| requires | support from both peers ⓘ |
| securityRecommendation |
disable heartbeat extension on servers
ⓘ
upgrade vulnerable TLS libraries ⓘ |
| standardizedBy |
Internet Engineering Task Force
ⓘ
surface form:
IETF
|
| status | deprecated in practice ⓘ |
| usesMechanism | periodic heartbeat request and response messages ⓘ |
| vulnerabilityCause | insufficient bounds checking in some implementations ⓘ |
| vulnerabilityImpact |
exposure of user credentials
ⓘ
information disclosure ⓘ leakage of process memory ⓘ potential exposure of private keys ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: TLS heartbeat extension (later deprecated) Description of subject: The TLS heartbeat extension was a Transport Layer Security protocol feature designed to keep secure connections alive and test reachability, later becoming widely known for the critical Heartbleed vulnerability that led to its deprecation.
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.