[openssl-users] SSL_read() = -1 and SSL_ERROR_SYSCALL, with mem BIO's

Ian Gilmour ian.gilmour.x at gmail.com
Fri May 19 11:02:50 UTC 2017


I'm using a 3rd party library that maintains a TLS connection to a 
server using mem BIO's and in which, usually under load, SSL_read() 
occasionally returns -1, the SSL_get_error() returns SSL_ERROR_SYSCALL 
and ERR_get_error() returns 0 (errno is 0). Under these conditions the 
original code closes the existing connection and a few seconds later 
reopens a new connection to the server.

I'd like to try and avoid these short offline periods if possible. When 
the system is under load I'm seeing this error occur every few minutes.

As a test I modified the code to not close the connection on this 
specific error condition.

With this mod in place and the system under load, the connection appears 
to stay up for hours rather than minutes, with no adverse affects that I 
can see.

But is it valid to do this? Or is the fact that I'm seeing this error so 
frequently an indication of a problem elsewhere in the code?

Thanks in advance,

Ian G

More information about the openssl-users mailing list