[Top-posted because Outlook can't deal correctly with HTML email.]
> Is this safe?
No. There's a lot of state in the SSL object (which is not an "SSL context", in
OpenSSL terminology; the SSL_CTX object is an "SSL context"), and the SSL/TLS
methods' write functions do not serialize access to it. Look at ssl3_write in
ssl/s3_lib.c, for example, and consider what happens if two threads trigger
renegotiation at the same time, or if two threads try to send the first message
after the handshake.
I can imagine applications where multiple threads write to the same SSL/TLS
conversation (not everything is request-response), but in that case, the
application layer will have to serialize access to the conversation. And
remember that OpenSSL has to be built for thread safety, and that its error
handling is thread-based, so each thread needs to check its error state.
> Is the data delivered properly to the peer?
Define "properly". If you just mean that sends shouldn't be interleaved, then
serializing access to the conversation should suffice, since the underlying BIO
is a streaming abstraction. Non-blocking I/O would complicate that - you'd have
to ensure a send completes before releasing the conversation.
Michael Wojcik
Technology Specialist, Micro Focus
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of S P, Swaroop (NSN - IN/Bangalore)
Sent: Tuesday, 30 September, 2014 09:46
To: openssl-users@openssl.org
Subject: Thread Safety of ssl_write()
Hi,
We have a use-case where multiple threads are required to use the same SSL
context [created using SSL_new()] and do a ssl_write().
So, there might be a scenario where two threads (or more) can be doing a
ssl_write() on the same SSL context at exactly the same time.
Is this safe?
Is the data delivered properly to the peer?
Regards,
Swaroop
Click here<https://www.mailcontrol.com/sr/MZbqvYs5QwJvpeaetUwhCQ==> to report
this email as spam.
This message has been scanned for malware by Websense. www.websense.com
