[openssl-users] Graceful shutdown of TLS connection for blocking sockets

Michel michel.sales at free.fr
Sun Oct 8 21:34:10 UTC 2017

Hi Thomas, 

I do not think that non-blocking code is hard to implement, but I am still
not convinced there is not some kind of confusion here.
Pardon me if I do not understand your reasoning well, but I just want to
highlight that the SSL_read() contract is not to return TCP data, but SSL/TLS
data (if some is available), which is more work.
As described in https://www.openssl.org/docs/man1.1.0/ssl/SSL_read.html, you
may encounter cases where TCP data is available, but just contains TLS
records with no useful application data.

Can this be what you experienced, or did I miss your point?



-----Original Message-----
From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of
Thomas J. Hruska
Sent: Sunday, October 8, 2017 22:56
To: openssl-users at openssl.org
Subject: Re: [openssl-users] Graceful shutdown of TLS connection for blocking

On 10/8/2017 7:28 AM, Michel wrote:
> While I understand that using non-blocking descriptors is a better 
> practice, I still do not see why select() should NEVER be used for 
> blocking sockets (except when combined/interfered with the internal 
> OpenSSL state machine or equivalent mechanism).
> Could you please elaborate or give an example ?
> Regards,
> Michel.

Example:  You call select(), it returns the descriptor as readable, you pass
it into SSL_read(), and SSL_read() blocks.  You are worse off than before
you used select() since you made the incorrect assumption that you could do
something when select() returns and not have a blocking socket block.

Just because select() says that something is readable (or writable) does not
actually make it so.  The function only makes sense for non-blocking
descriptors.  The use of select() with a blocking descriptor is always

Non-blocking code is actually easier to implement than you think.

Thomas Hruska
Shining Light Productions

Home of BMP2AVI and Win32 OpenSSL.
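
Added example, not part of the original thread and not OpenSSL code: a C sketch of the point made above about SSL_read(), that bytes select() reports as readable may hold no complete application-data record. It assumes TLS 1.2-style record framing; the function names and sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Outer record content types. In TLS 1.3 encrypted records always carry 23
 * on the wire, so this classification applies to TLS 1.2 and earlier. */
enum { TLS_CCS = 20, TLS_ALERT = 21, TLS_HANDSHAKE = 22, TLS_APPDATA = 23 };

struct tls_scan {
    size_t complete_records;  /* records fully present in the buffer */
    size_t app_data_records;  /* of those, application-data records */
    size_t trailing_bytes;    /* bytes left over: partial record or unparsed */
    int    malformed;         /* content type outside 20..23 (this sketch's set) */
};

/* Walk readable bytes record by record: type(1) version(2) length(2) fragment. */
struct tls_scan tls_scan_buffer(const uint8_t *buf, size_t len)
{
    struct tls_scan r = {0, 0, 0, 0};
    size_t off = 0;
    while (len - off >= 5) {                       /* need a whole header */
        uint8_t type = buf[off];
        size_t frag = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        if (type < TLS_CCS || type > TLS_APPDATA) { r.malformed = 1; break; }
        if (len - off - 5 < frag) break;           /* fragment still in flight */
        r.complete_records++;
        if (type == TLS_APPDATA) r.app_data_records++;
        off += 5 + frag;
    }
    r.trailing_bytes = len - off;
    return r;
}

/* 0 on well-formed input: the TLS layer has nothing for the application yet. */
int tls_has_app_data(const uint8_t *buf, size_t len)
{
    struct tls_scan r = tls_scan_buffer(buf, len);
    return !r.malformed && r.app_data_records > 0;
}

/* Constructed sample buffers (filler fragments, not captured traffic). */
const uint8_t SAMPLE_HANDSHAKE_ONLY[] = { 22, 3, 3, 0, 4, 0, 0, 0, 0 };
const uint8_t SAMPLE_PARTIAL_APP[]    = { 23, 3, 3, 0, 16, 0xAA, 0xAA, 0xAA };
const uint8_t SAMPLE_ALERT_THEN_APP[] = { 21,3,3,0,2, 1,0, 23,3,3,0,3, 'a','b','c' };
int main(void)
{
    printf("%d\n", tls_has_app_data(SAMPLE_PARTIAL_APP, sizeof SAMPLE_PARTIAL_APP));
    return 0;
}
```

In the first two sample buffers the socket would be readable, yet a blocking read at the TLS layer would still have to wait for more network data.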