Add TLS::Policy::negotiate_heartbeat_support which controls if the

client will offer heartbeats (or if a server will negotiate them if
the client offers). Defaults to false, which is probably the right
behavior in terms of minimizing surprise and attack surface.

2 files changed, 11 insertions, 3 deletions

diff --git a/doc/relnotes/1_11_1.rst b/doc/relnotes/1_11_1.rst
index bfc513d04..ec4033280 100644
--- a/doc/relnotes/1_11_1.rst
+++ b/doc/relnotes/1_11_1.rst
@@ -33,9 +33,9 @@ persistent storage by 1.11.0 will not load in this version and vice
 versa. In either case this will not cause any errors, the session will
 simply not resume and instead a full handshake will occur.
 
-New policy hooks :cpp:func:`TLS::Policy::acceptable_protocol_version`
-and :cpp:func:`TLS::Policy::allow_server_initiated_renegotiation` were
-added.
+New policy hooks :cpp:func:`TLS::Policy::acceptable_protocol_version`,
+:cpp:func:`TLS::Policy::allow_server_initiated_renegotiation`, and
+:cpp:func:`TLS::Policy::negotiate_heartbeat_support` were added.
 
 TLS clients were not sending a next protocol message during a session
 resumption, which would cause resumption failures with servers that
diff --git a/doc/tls.rst b/doc/tls.rst
index a0f2c4f48..3aec3254c 100644
--- a/doc/tls.rst
+++ b/doc/tls.rst
@@ -512,6 +512,14 @@ be negotiated during a handshake.
 
         TLS compression is not currently supported.
 
+ .. cpp:function:: bool negotiate_heartbeat_support() const
+
+     If this function returns true, clients will offer the heartbeat
+     support extension, and servers will respond to clients offering
+     the extension. Otherwise, clients will not offer heartbeat
+     support and servers will ignore clients offering heartbeat
+     support.
+
  .. cpp:function:: bool allow_server_initiated_renegotiation() const
 
      If this function returns true, a client will accept a