Hi n8, I am converting a TLS server(which uses one thread per client) to use IOCP (in Windows 2008 server).
All your answers have cleared my doubts on IOCP threading vs SSL thread-safe issues. Could you please reply, were you able to successfully implement your SSL server with 4 worker threads to handle multiple(or thousands) SSL clients (using IOCP) successfully? For now, I would like to know implementing SSL server via IOCP is feasible? I will study / design further based on your reply. Thanks Vadi n8leon wrote: > > Again, thanks for all the pointers, these are really helpful getting > me going in the right direction. > I am still digesting all of your info, but wanted to discuss this > point further, as it almost sounds like a show-stopper: > >> be aware that SSL BIO's (and (SSL*) sessions!) are 'threadsafe' in the >> sense that OpenSSL *assumes* a (SSL *) or >> /any/ BIO remains inside a single thread from the moment it becomes >> 'active', i.e. is set up / is going to do some work. > > As you pointed out, "the IOCP model does NOT tie a socket to a single > thread." In fact, I will likely have four worker threads receiving > traffic off the wire, hopefully supporting many thousands of > simultaneous client sessions, and each client session consisting of > multiple command/data submissions. Thus, it is most likely that all > of the submissions from a single client session will NOT hit the same > worker thread in my application. > > I have extended the OVERLAPPED object in my app to include things such > as session state, and was planning to include a TLSWrapper object > there (encapsulates SSL* m_ssl, BIO_pair, etc...) as well so that each > client submission during a session will get the same SSL* object. > However, this implies that various threads may work on one of my SSL* > object during the life of a client session. It sounds like you are > saying this is not going to work? Note, my app guarantees any m_ssl > object will NOT get picked up by two threads simultaneously, so any > given m_ssl object will only get touched by one thread at a time. > > But are you saying the SSL* object ties itself to the specific thread > that set it up? That doesn't make sense to me, so I'm hoping that I'm > just reading too much into your statement. Otherwise, it sounds like > I would have to setup and tear down the SSL objects every time a > client submits data to my app during a single session? (could be > hundreds or thousands of separate client submissions during the life > of a single client session) > > Thanks, > n8 > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > > -- View this message in context: http://old.nabble.com/TLS%2C-BIOs%2C-SSL_read-write-tp22507857p32691793.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
