RE: SSL - Weak Encryption Test
Hi Answering your questions: Are you even sure HOSTNAME:443 and HOSTNAME:8000 are the same host? Yes . Its a device . 2. 443 is disabled , Hence it disconnects. 3. 8000 is the port we used to communicate. I need to make sure device does not support weak security. Hence , I ran the openssl commands where for 8000 it connected and writeErr . 4. when you say weak algorithm , We are using SSLV3 ciphers used SSL_RSA_WITH_RC4_128_SHA. Thanks Noufel Dave Thompson-5 wrote: From: owner-openssl-us...@openssl.org On Behalf Of Nouefel Sent: Monday, 28 February, 2011 19:10 Openssl version - OpenSSL 0.9.8l 5 Nov 2009 Now regarding the commands and their results : openssl s_client -connect HOSTNAME:443 -cipher LOW:EXP connect: Connection timed out connect:errno=110 Okay, so this is almost certainly Linux and that error means you didn't connect at all. You have NO information what the server supports. However, if ALL clients are like you unable to connect on 443 (see below) then it shouldn't matter if the server software contains support for weak ciphers (or other problems like SQL or script injection, crossdomain forgery, etc.) since no one can send the data that would exploit these problems. openssl s_client -connect HOSTNAME:8000 -cipher LOW:EXP CONNECTED(0003) write:errno=104 That's a bit odd; you connected and then got reset. It's especially odd to get it on write, unless maybe your random-gen for KeyExchange is extra slow or something. Depending on the server (particularly OS), this MAY indicate that the server is failing (e.g. crashing). Normally I would first suggest checking the server logs, but if you're trying to probe basic crypto from outside I'm guessing you don't have access to the logs. As I said, try with -msg (or -debug) to get details of the handshake process. That MAY get far enough to have some information about the crypto support of the server. So on 8000 it says connected but there is also an err. Where as first one times out as 443 port is not enabled. What exactly do you mean by port is not enabled? If there is simply no software listening on port N on a reachable host, connect normally fails with reset. The host might have rules or features to just discard connects (SYNs) on some port(s) e.g. 443 for any reason it likes, possibly to avoid scans or probes like yours. Or, there might be a firewall or similar device between you and the host which decides to discard 443, but let through 8000 -- maybe even to let through the SYNs for 8000 but then subsequently break the connection with RST, although that's rather rude. Are you even sure HOSTNAME:443 and HOSTNAME:8000 are the same host? First, one name can translate in DNS to different addresses at different times, although it is unlikely it would consistently translate to different values for your :443 attempts versus your :8000 ones. Second, a single address could be on a NAT-type box that routes different ports to different hosts; this is fairly common in today's network world. If this host belongs to your organization, or a business partner or something, they should be able to tell you how the network setup works, and quite possibly how the crypto is set up if that is your actual question. Admittedly in some (large) organizations, it can be a chore to find the correct person with such answers. If this host belongs to someone else, they may want you NOT to know this setup, which they may want to change without warning and without you knowing or noticing. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org -- View this message in context: http://old.nabble.com/SSL---Weak-Encryption-Test-tp31016002p31046126.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
DH_generate_key issue
Hello, guys! I'm new to OpenSSL so sorry in advance if I get something wrong. I'm using OpenSSL Diffie-Hellman key exchange in my project. In 'normal' mode it works just perfect, but during stress-testing I have discovered strange behavior: I sequentially start X00 DH calculations and it randomly fails to generate public key correctly. This is my test-case: START_TEST(openssl_dh_stress) { BIGNUM*g_p3072 = NULL; unsigned i; g_p3072 = BN_bin2bn(g_p3072data, sizeof(g_p3072data), NULL); for (i=0; i400; i++) { int ssl_res; unsigned char random_bytes[64]; DH *tmp_ctx = NULL; tmp_ctx = DH_new(); ck_assert(NULL != tmp_ctx); tmp_ctx-p = BN_dup(g_p3072); tmp_ctx-g = BN_new(); BN_set_word(tmp_ctx-g, DH_GENERATOR_2); RAND_bytes(random_bytes, 256/8); tmp_ctx-priv_key = BN_bin2bn(random_bytes, 256/8, NULL); ssl_res = DH_generate_key(tmp_ctx); ck_assert_int_eq(1, ssl_res); unsigned pub_key_size = BN_num_bytes(tmp_ctx-pub_key); if (pub_key_size != 3072/8) { printf(FAILURE. DH 3K, %i-s iteration failed to compute correct PV length.\n, i); } ck_assert_int_eq(pub_key_size, 3072/8); DH_free(tmp_ctx); } } END_TEST Openssl randomly produces pub_key_size == 383 bytes, (it affect the rest the calculations later in the sources). It's not reproducible with 1, 10 or 50 iterations, but when i = 200 it's 100% reproducible. I have briefly reviewed openssl dh key generation sources and couldn't find anything what looks strange. Empirically I discovered that the problem disappears when I comment out RAND_bytes(random_bytes, 256/8);, but still assign private key manually to prevent OpenSSL from generating it automatically. I'm using single-thread environment. I tried different versions of OpenSSL on OSX, Linux and OpenBSD - the same behavior. Have you ever experienced with similar problem in your projects? Am I doing something wrong? Thanks in advance for for your help! -- Kind Regards, Viktor __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: SSL_read( ) = segmentation fault
I found where the segmentation fault happens. There is no link between SSL function call and the seg fault. SSL functions work fine until now. 2011/3/1 ikuzar razuk...@gmail.com Hello, I develop a secure stack. This stack is between TCP and an application. The appli call my stack's functions ( my_connect( ), my_listen( ), etc. ). I have got segmentation fault after launching the the program. SERVER SIDE : my_recv( ) is like this : int my_recv(my_cn sd, char* buf, size_t* len, unsigned int flags, unsigned int timeout){ ... err = SSL_read(si-ssl, buf, *len); switch(err) { ... } } I call my_recv( ) in main( ) like this : main( ){ ... lsock = my_listen(0, TESTPORT, test_proto, 5); // that's OK my_cn s2 = my_accept(lsock, addr, port); // That's OK ... char buf[10]; size_t len = 5; my_recv(s2, buf, len, 0, 0); // Here is seg fault ... } After a simple debug ( only in server side) , I realized that: 1) seg fault is caused by SSL_read( ) 2) si-ssl != NULL CLIENT SIDE : maint( ) { my_cn sock = my_connect(inet_addr(127.0.0.1), TESTPORT, local_addr, local_port, test_proto); // That's OK my_send(sock, Test, 5); // it fails ( seg fault here ... ? ); ... } I am wondering what would cause the problem, probably buf or len...!? I tried char buf[5] but I have got the same result. Does someone find what happens. Thanks
SSL_write( ) fails
Hello, SSL_write fails in my program. After debuging, I have got err = 2 in err = SSL_get_error(ssl, err); Does someone know what does it mean ? Thanks.
Re:SSL_write( ) fails
If you stepped a bit into the source code , you would have found the answer yourself. They are defined in the ssl.h.You may see the help doc for more details. #define SSL_ERROR_NONE0 #define SSL_ERROR_SSL1 #define SSL_ERROR_WANT_READ2 #define SSL_ERROR_WANT_WRITE3 #define SSL_ERROR_WANT_X509_LOOKUP4 #define SSL_ERROR_SYSCALL5 /* look at error stack/return value/errno */ #define SSL_ERROR_ZERO_RETURN6 #define SSL_ERROR_WANT_CONNECT7 #define SSL_ERROR_WANT_ACCEPT8 At 2011-03-02 22:55:51,ikuzar razuk...@gmail.com wrote: Hello, SSL_write fails in my program. After debuging, I have got err = 2 in err = SSL_get_error(ssl, err); Does someone know what does it mean ? Thanks.
Is there an openssl command line equivalent to RSA_sign and RSA_verify?
Is there an openssl command line equivalent to: RSA_sign(NID_sha1, hash, 20, sig, siglen, rsa_pkey); and/or RSA_verify(NID_sha1, hash, 20, sigbuf, siglen, rsa_pkey) These functions work fine for signing and verifying data from a c program, but I can't figure out if there is an openssl command that can be used instead. I've tried various openssl commands such as rsautl and rsa, but can't find anything equivalent. I am trying to write a server script that will use the openssl command line to sign a message, and then send it to a client where it will be verified by a c program. -- View this message in context: http://old.nabble.com/Is-there-an-openssl-command-line-equivalent-to-RSA_sign-and-RSA_verify--tp31049735p31049735.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re:DH_generate_key issue
I haven't run your code.I doubt why are you sure that the the length of thepub_key is equal to the length of the p.In my opinion,it is not longer than p.I found a counter example in WIKI. Alice and Bob agree to use a prime numberp=23 and baseg=5. Alice chooses a secret integera=6, then sends BobA =ga modp A =56 mod23 A =15,625 mod23 A =8 ---this is the pub_key At 2011-03-02 19:53:07,Viktor Krikun v.kri...@gmail.com wrote: Hello, guys! I'm new to OpenSSL so sorry in advance if I get something wrong. I'm using OpenSSL Diffie-Hellman key exchange in my project. In 'normal' mode it works just perfect, but during stress-testing I have discovered strange behavior: I sequentially start X00 DH calculations and it randomly fails to generate public key correctly. This is my test-case: START_TEST(openssl_dh_stress) { BIGNUM*g_p3072 = NULL; unsigned i; g_p3072 = BN_bin2bn(g_p3072data, sizeof(g_p3072data), NULL); for (i=0; i400; i++) { int ssl_res; unsigned char random_bytes[64]; DH *tmp_ctx = NULL; tmp_ctx = DH_new(); ck_assert(NULL != tmp_ctx); tmp_ctx-p = BN_dup(g_p3072); tmp_ctx-g = BN_new(); BN_set_word(tmp_ctx-g, DH_GENERATOR_2); RAND_bytes(random_bytes, 256/8); tmp_ctx-priv_key = BN_bin2bn(random_bytes, 256/8, NULL); ssl_res = DH_generate_key(tmp_ctx); ck_assert_int_eq(1, ssl_res); unsigned pub_key_size = BN_num_bytes(tmp_ctx-pub_key); if (pub_key_size != 3072/8) { printf(FAILURE. DH 3K, %i-s iteration failed to compute correct PV length.\n, i); } ck_assert_int_eq(pub_key_size, 3072/8); DH_free(tmp_ctx); } } END_TEST Openssl randomly produces pub_key_size == 383 bytes, (it affect the rest the calculations later in the sources). It's not reproducible with 1, 10 or 50 iterations, but when i = 200 it's 100% reproducible. I have briefly reviewed openssl dh key generation sources and couldn't find anything what looks strange. Empirically I discovered that the problem disappears when I comment out RAND_bytes(random_bytes, 256/8);, but still assign private key manually to prevent OpenSSL from generating it automatically. I'm using single-thread environment. I tried different versions of OpenSSL on OSX, Linux and OpenBSD - the same behavior. Have you ever experienced with similar problem in your projects? Am I doing something wrong? Thanks in advance for for your help! -- Kind Regards, Viktor __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: DH_generate_key issue
Hi Viktor, If you perform BN_mod_exp you will find that mathematically the public key is correct. I suppose there is a 1 in 256 chance that the high order byte would be 0, so that explains your result of it happening when you do large numbers of such operations. BTW, you can also use BN_rand instead of RAND_bytes to avoid the conversion... Regards, Erik Erik Tkal Juniper OAC/UAC/Pulse Development -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Viktor Krikun Sent: Wednesday, March 02, 2011 6:53 AM To: openssl-users@openssl.org Subject: DH_generate_key issue Hello, guys! I'm new to OpenSSL so sorry in advance if I get something wrong. I'm using OpenSSL Diffie-Hellman key exchange in my project. In 'normal' mode it works just perfect, but during stress-testing I have discovered strange behavior: I sequentially start X00 DH calculations and it randomly fails to generate public key correctly. This is my test-case: START_TEST(openssl_dh_stress) { BIGNUM*g_p3072 = NULL; unsigned i; g_p3072 = BN_bin2bn(g_p3072data, sizeof(g_p3072data), NULL); for (i=0; i400; i++) { int ssl_res; unsigned char random_bytes[64]; DH *tmp_ctx = NULL; tmp_ctx = DH_new(); ck_assert(NULL != tmp_ctx); tmp_ctx-p = BN_dup(g_p3072); tmp_ctx-g = BN_new(); BN_set_word(tmp_ctx-g, DH_GENERATOR_2); RAND_bytes(random_bytes, 256/8); tmp_ctx-priv_key = BN_bin2bn(random_bytes, 256/8, NULL); ssl_res = DH_generate_key(tmp_ctx); ck_assert_int_eq(1, ssl_res); unsigned pub_key_size = BN_num_bytes(tmp_ctx-pub_key); if (pub_key_size != 3072/8) { printf(FAILURE. DH 3K, %i-s iteration failed to compute correct PV length.\n, i); } ck_assert_int_eq(pub_key_size, 3072/8); DH_free(tmp_ctx); } } END_TEST Openssl randomly produces pub_key_size == 383 bytes, (it affect the rest the calculations later in the sources). It's not reproducible with 1, 10 or 50 iterations, but when i = 200 it's 100% reproducible. I have briefly reviewed openssl dh key generation sources and couldn't find anything what looks strange. Empirically I discovered that the problem disappears when I comment out RAND_bytes(random_bytes, 256/8);, but still assign private key manually to prevent OpenSSL from generating it automatically. I'm using single-thread environment. I tried different versions of OpenSSL on OSX, Linux and OpenBSD - the same behavior. Have you ever experienced with similar problem in your projects? Am I doing something wrong? Thanks in advance for for your help! -- Kind Regards, Viktor __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: SSL_write( ) fails
Ok. Thanks. So, here SSL_write( ) wants to read( ). In fact, ssl_accept( ) fails ( but I continued instead of returning -1 for example. I repaired this programming error. Now it's OK ). -- Then I realize that ssl_accept returns ***ret = 0. * -- I check if ret 1. If true then I make : gret = SSL_get_error(ssl, ret) -- Then, I make a switch(gret) and I realize that gret = *SSL_ERROR_SYSCALL * -- Then, I make ERR_get_error(); it returns 0. According to the doc ( http://www.openssl.org/docs/ssl/SSL_get_error.html#RETURN_VALUES) I can recheck *ret* value. If it is == 0 it says that an EOF was observed that violates the protocol. My questions : 1) Did I well interpreted the doc ? 2) What does an EOF was observed that violates the protocol mean ? 3) I come back to the SSL_write( ). He wants to read( ). The doc says : Caveat: Any TLS/SSL I/O function can lead to either of * SSL_ERROR_WANT_READ* and *SSL_ERROR_WANT_WRITE*. In particular, SSL_read()or SSL_peek() may want to write data and SSL_write() may want to read data. This is mainly because TLS/SSL handshakes may occur at any time during the protocol (initiated by either the client or the server); SSL_read(), SSL_peek(), and SSL_write() will handle any pending handshakes. 3.1) When the doc says SSL_write () may want to read data... what does it mean exactly ? Does it mean that a function is blocked somewhere because it wants read ? ( In my case : this function is accept( ) ?? ) 3.2) Does the client and server share the same ssl object ... ? Thanks. 2011/3/2 lzyzizi lzyz...@126.com If you stepped a bit into the source code , you would have found the answer yourself. They are defined in the ssl.h.You may see the help doc for more details. #define SSL_ERROR_NONE0 #define SSL_ERROR_SSL1 #define SSL_ERROR_WANT_READ2 #define SSL_ERROR_WANT_WRITE3 #define SSL_ERROR_WANT_X509_LOOKUP4 #define SSL_ERROR_SYSCALL5 /* look at error stack/return value/errno */ #define SSL_ERROR_ZERO_RETURN6 #define SSL_ERROR_WANT_CONNECT7 #define SSL_ERROR_WANT_ACCEPT8 At 2011-03-02 22:55:51,ikuzar razuk...@gmail.com wrote: Hello, SSL_write fails in my program. After debuging, I have got err = 2 in err = SSL_get_error(ssl, err); Does someone know what does it mean ? Thanks.
BN_mod_mul_montgomery() causing cpu spike
Hi, I've enabled fips in sshd (OpenSSH 5.5p1) and linked it against openssl-fips-1.2. Everytime time sshd is spawned, the cpu utilization shoots up and remains high (40% to 90%) for around 5 seconds. By taking backtraces at time intervals (please see below), I found that, during this entire 5 sec period, sshd was executing BN_mod_mul_montgomery() function. Is this expected? Is there a workaround to avoid cpu spike? This is adding delay to ssh login. #0 0xb7a74a7f in bn_sqr_comba8 (r=0x80de020, a=0x80ddfe0) at bn_asm.c:728 #1 0xb7a5d2a4 in bn_sqr_recursive (r=0x80de020, a=0x80ddfe0, n2=8, t=0x80de060) at bn_sqr.c:229 #2 0xb7a5d11d in bn_sqr_recursive (r=0x80ddd58, a=0x80d98a8, n2=16, t=0x80ddfe0) at bn_sqr.c:252 #3 0xb7a5d166 in bn_sqr_recursive (r=0x80ddcd8, a=0x80d9868, n2=32, t=0x80ddee0) at bn_sqr.c:256 #4 0xb7a5d55e in BN_sqr (r=0x80d8eb4, a=0x80d8cf0, ctx=0x80d8bd0) at bn_sqr.c:127 #5 0xb7a58ed8 in BN_mod_mul_montgomery (r=0x80d8cf0, a=0x80d8cf0, b=0x80d8cf0, mont=0x80d9790, ctx=0x80d8bd0) at bn_mont.c:153 #6 0xb7a55607 in BN_mod_exp_mont (rr=0x80d8cc8, a=0x80d8cc8, p=0x80d8cb4, m=0x80d8c78, ctx=0x80d8bd0, in_mont=0x80d9790) at bn_exp.c:495 #7 0xb7a5b44e in witness (mont=value optimized out, ctx=value optimized out, k=value optimized out, a1_odd=value optimized out, a1=value optimized out, a=value optimized out, w=value optimized out) at bn_prime.c:355 #8 BN_is_prime_fasttest_ex (a=0x80d8c78, checks=50, ctx_passed=0x80d8bd0, do_trial_division=1, cb=0x0) at bn_prime.c:328 #9 0xb7a81c54 in dsa_builtin_paramgen (cb=value optimized out, h_ret=value optimized out, counter_ret=value optimized out, seed_len=value optimized out, seed_in=value optimized out, bits=value optimized out, ret=value optimized out) at fips_dsa_gen.c:271 #10 DSA_generate_parameters_ex (ret=0x80d8ab8, bits=1024, seed_in=0x0, seed_len=20, counter_ret=0xbfd3d4f8, h_ret=0xbfd3d4f0, cb=0x0) at fips_dsa_gen.c:99 #11 0xb7a82091 in FIPS_selftest_dsa () at fips_dsa_selftest.c:131 #12 0xb7a50415 in FIPS_selftest () at fips.c:178 Thanks, Prakash __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Command Line Question
Folks - I am trying to generate a PKCS#10 certificate request with a pre-existing RSA public/private key pair that was generated using genpkey. The actual command is openssl genpkey -out Keys.bin -outform DER -algorithm rsa -pkeyopt rsa_keygen_bits:2048 Could someone please provide me with information on how to do this? Sorry for the relatively newby question, but I have tried to dig it out of the documentation without success. Bob image001.gif smime.p7s Description: S/MIME cryptographic signature
Re: Is there an openssl command line equivalent to RSA_sign and RSA_verify?
jps3318 wrote: Is there an openssl command line equivalent to: RSA_sign(NID_sha1, hash, 20, sig, siglen, rsa_pkey); and/or RSA_verify(NID_sha1, hash, 20, sigbuf, siglen, rsa_pkey) These functions work fine for signing and verifying data from a c program, but I can't figure out if there is an openssl command that can be used instead. I've tried various openssl commands such as rsautl and rsa, but can't find anything equivalent. I am trying to write a server script that will use the openssl command line to sign a message, and then send it to a client where it will be verified by a c program. Found the answer. The following commands work interchangeably with API's RSA_sign and RSA_verify. openssl dgst -sha1 -sign privkey.pem -out message.sha1 message openssl dgst -sha1 -verify pubkey.pem -signature message.sha1 message -- View this message in context: http://old.nabble.com/Is-there-an-openssl-command-line-equivalent-to-RSA_sign-and-RSA_verify--tp31049735p31050604.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Error 0D0C50A1 (unknown message digest algorithm) after call to OpenSSL_add_all_algorithms
hi, i have a problem with OpenSSL_add_all_algorithms() in openssl: on startup, my application calls OpenSSL_add_all_algorithms() in the main thread. a while after that, a new thread is created. this second thread then calls X509_verify_cert() which returns the error: 'error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm' if i call OpenSSL_add_all_algorithms() a second time in the startup sequence of the second thread, the error disappears. is this a desired behavior? in other applications i have no problems with multiple threads, this is the first time i get this behavior. best would be if the first call in the main thread would be sufficient. also, i could not find anything in the documentation about problems with OpenSSL_add_all_algorithms() and multiple threads. hope someone can explain that to me.. greetings, hannes __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: Locating AES GCM GMAC Code under OpenSSL
Hi! I was little concerned about the availability of aes_gcm code under openssl for my use. I downloaded the latest code from http://www.openssl.org/source/, but don't seem to find out gcm/gmac libraries. There are earlier mails chains explaining the GCM update under http://marc.info/?l=openssl-devm=119633026104218. Can you please point me to the location? There have been some following updates, see for example http://rt.openssl.org/Ticket/Display.html?user=guestpass=guestid=2092 But I don't think they will continue syncing to openssl stable, because everything is already included in openssl HEAD. Anyway, since I am using CMAC, I need the patch myself. You can find a more recent patch to stable here: http://openpace.svn.sourceforge.net/websvn/openpace Greets, Frank. pgp0bQsyVFW4o.pgp Description: PGP signature
Re: BN_mod_mul_montgomery() causing cpu spike
prakgen wrote: Hi, I've enabled fips in sshd (OpenSSH 5.5p1) and linked it against openssl-fips-1.2. Everytime time sshd is spawned, the cpu utilization shoots up and remains high (40% to 90%) for around 5 seconds. By taking backtraces at time intervals (please see below), I found that, during this entire 5 sec period, sshd was executing BN_mod_mul_montgomery() function. Is this expected? Is there a workaround to avoid cpu spike? This is adding delay to ssh login. You are seeing the POST (Power Up Self Test) mandated by FIPS 140-2. It is a huge performance hit on low powered platforms (sometimes taking tens or even hundreds of seconds). We're going to make it significantly less painful for the upcoming new validation now in progress, but there will always be a performance hit relative to the same software without enabling FIPS mode. -Steve M. -- Steve Marquess The OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877-673-6775 marqu...@opensslfoundation.com __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: SSL_write( ) fails
On 3/2/2011 9:55 AM, ikuzar wrote: 3) I come back to the SSL_write( ). He wants to read( ). The doc says : Caveat: Any TLS/SSL I/O function can lead to either of *SSL_ERROR_WANT_READ* and *SSL_ERROR_WANT_WRITE*. In particular, |SSL_read()| or |SSL_peek()| may want to write data and |SSL_write()| may want to read data. This is mainly because TLS/SSL handshakes may occur at any time during the protocol (initiated by either the client or the server); |SSL_read(),| |SSL_peek(),| and |SSL_write()| will handle any pending handshakes. 3.1) When the doc says SSL_write () may want to read data... what does it mean exactly ? Does it mean that a function is blocked somewhere because it wants read ? ( In my case : this function is accept( ) ?? ) It means that for the SSL_write operation to make further forward progress, the SSL engine must read some data from the connection. Since the connection is non-blocking, it is not blocking. It is somewhat analogous to EAGAIN. The difference is that you know specifically that it must *read* from the connection. You may retry the SSL_write operation at any time. You could, for example, wait half a second and then call SSL_write again if you wanted to. The ideal response would be to wait until you know data can be read from the other side, for example, by using 'select' or 'poll' to detect readability of the socket. 3.2) Does the client and server share the same ssl object ... ? I think that question is too vague to answer. Each side has its own software running and tracks the state of the shared SSL connection however it wants. However, if you had trusted shared memory to store a shared object in, what would you need SSL for? DS __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org