We wouldn't have had heartbleed if the SSL/TLS designers hadn't thought it necessary to include a heartbeat protocol - precisely because they couldn't trust TCP on its own to do this. (Why one would ever want to send a 4KB heartbeat packed beats me though.)