RE: Using single EVP_PKEY instance across multiple connections
To expand on this question a little more, is it safe to just create one SSL_CTX* at initialization of my server that will be used each time a new client connects when I do SSL_new(ctx)?

Charles A. Barbe
Senior Software Engineer
Allworx, a Windstream company
245 East Main St | Rochester NY | 14604
charles.ba...@allworx.com | 585.421.5565

From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on behalf of Barbe, Charles [charles.ba...@allworx.com]
Sent: Friday, June 27, 2014 4:18 PM
To: openssl-users@openssl.org
Subject: Using single EVP_PKEY instance across multiple connections

Hi,

I have an implementation of a multi-threaded HTTP server that I wrote using OpenSSL version 1.0.1g. Currently, on initialization of the server, I load my private key from disk and store it in an EVP_PKEY pointer. Whenever I accept a new connection, I use that same pointer to an EVP_PKEY in my call to SSL_CTX_use_PrivateKey. Is that safe or should I be copying my EVP_PKEY for each connection?

Thanks!

Charles A. Barbe
Senior Software Engineer
Allworx, a Windstream company
245 East Main St | Rochester NY | 14604
charles.ba...@allworx.com | 585.421.5565

__
OpenSSL Project                 http://www.openssl.org
User Support Mailing List       openssl-users@openssl.org
Automated List Manager          majord...@openssl.org
Re: Using single EVP_PKEY instance across multiple connections
On Sun, Jun 29, 2014, Barbe, Charles wrote:

> To expand on this question a little more, is it safe to just create one SSL_CTX* at initialization of my server that will be used each time a new client connects when I do SSL_new(ctx)?

Yes it is. That's how most servers are written.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
RE: Using single EVP_PKEY instance across multiple connections
> To expand on this question a little more, is it safe to just create one SSL_CTX* at initialization of my server that will be used each time a new client connects when I do SSL_new(ctx)?

Yes.

--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...@jabber.me; Twitter: RichSalz
Re: Using single EVP_PKEY instance across multiple connections
On Sun, Jun 29, 2014 at 1:58 PM, Barbe, Charles charles.ba...@allworx.com wrote:

> To expand on this question a little more, is it safe to just create one SSL_CTX* at initialization of my server that will be used each time a new client connects when I do SSL_new(ctx)?

Yes.
Using single EVP_PKEY instance across multiple connections
Hi,

I have an implementation of a multi-threaded HTTP server that I wrote using OpenSSL version 1.0.1g. Currently, on initialization of the server, I load my private key from disk and store it in an EVP_PKEY pointer. Whenever I accept a new connection, I use that same pointer to an EVP_PKEY in my call to SSL_CTX_use_PrivateKey. Is that safe or should I be copying my EVP_PKEY for each connection?

Thanks!

Charles A. Barbe
Senior Software Engineer
Allworx, a Windstream company
245 East Main St | Rochester NY | 14604
charles.ba...@allworx.com | 585.421.5565