Using SSL_read and SSL_write on parallel threads

Viktor Dukhovni openssl-users at dukhovni.org
Wed Dec 11 19:17:25 UTC 2019


On Wed, Dec 11, 2019 at 04:36:20PM +0530, Raja Ashok wrote:

> A TLS server application spawns 2 thread and handles 'n' number of TLS
> clients. All connections SSL_read operations are performed on one thread
> and SSL_write on another thread. To achieve this currently I lock the `SSL`
> connection handle. This application uses TLSv1.2 and TLSv1.3.
> 
> My question is does anyone uses SSL_read and SSL_write in parallel thread
> in much better way ?

General best-practice is either an event based state-machine or one
thread per connection, with both the reads and the writes for a given
connection done in the same thread.

If for some reason you have to separate the reads and writes into
separate threads, then indeed locks are required, but then a blocked
reader can starve the write side and vice versa.

If the connection is non-blocking, then you must deal with
SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE in both threads, waiting
for the socket to become readable or writable before retrying the
operation.

-- 
    Viktor.


More information about the openssl-users mailing list