Seeing hang in SSL_read() even after disabling SSL_MODE_AUTO_RETRY

[Rahul Shukla]

Hi All,

Recently we added support for TLSv1.3 in our product.

To support TLSv1.3 we did the following changes.

   1. We had to switch off the SSL_MODE_AUTO_RETRY as we were seeing a hang
   with blocking sockets when SSL_read() was processing the non-application
   data records, but then try to read an application data record which might
   not be available.
   2. We added the SSL_read() call with 0 bytes, just after the handshake
   is completed, to read the session ticket if it is available.
   3. We had also changed the read logic to handle *SSL_ERROR_WANT_READ,
   SSL_ERROR_WANT_WRITE *errors during the read.



Now, we are observing the following hang for the 2nd step where the
SSL_read() was called with 0 bytes, just after the handshake is completed,
to read the session ticket if it is available.



#0  0x00007fd34a5886e0 in __read_nocancel () at
../sysdeps/unix/syscall-template.S:81

#1  0x0000561992233735 in sock_read ()

#2  0x000056199223052c in bread_conv ()

#3  0x000056199222f222 in BIO_read ()

#4  0x00005619921cd190 in ssl3_read_n ()

#5  0x00005619921d1996 in ssl3_get_record ()

#6  0x00005619921cf233 in ssl3_read_bytes ()

#7  0x00005619921d5e4a in ssl3_read ()

#8  0x00005619921defed in ssl_read_internal ()

#9  0x00005619921df1d3 in SSL_read ()

 ....


Any idea why this hang is coming even after disabling SSL_MODE_AUTO_RETRY.

Let me know if you need any other details. Thanks in advance.



--Rahul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20231016/b3befb49/attachment.htm>