[openssl-users] Multiplexing TLS / non-TLS connections on a single socket

Viktor Dukhovni openssl-users at dukhovni.org
Tue Feb 12 23:31:12 UTC 2019


On Tue, Feb 12, 2019 at 11:22:47PM +0100, Jakob Bohm via openssl-users wrote:

> At least in older versions of OpenSSL, you could create a custom BIO
> that buffers the socket data and lets you look at it before passing
> it to the SSL/TLS layer or directly to your code according to the
> contents.  This way you don't depend on the ability to make the OS
> socket API do this for you.
> 
> I don't know if this ability is also in OpenSSL 1.1.x.

This has not changed.  So OpenSSL can do that, but the other
application protocol might still want to read the socket directly.
I would expect a socket "peek" once at the beginning of a connection
to be sufficiently cheap compared to TLS handshakes, ... to not warrant
trying to find another approach.

--
	Viktor.
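
The one-time socket "peek" discussed in this message, as an added example that is not part of the original post or of OpenSSL. The names `classify_prefix` and `peek_protocol` are hypothetical, and the code assumes the non-TLS protocol never begins with the bytes of a TLS handshake record.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>

enum proto { PROTO_UNKNOWN, PROTO_TLS, PROTO_PLAIN, PROTO_ERROR };

/* A TLS connection opens with a handshake record: content type 0x16,
 * record version major 0x03, then (after the 5-byte record header) the
 * handshake type ClientHello, 0x01.  Anything else is handed to the
 * plaintext protocol.  Assumption: that protocol never starts with
 * these bytes; SSLv2-format hellos are not recognised. */
enum proto classify_prefix(const unsigned char *p, size_t n)
{
    if (n >= 1 && p[0] != 0x16) return PROTO_PLAIN;
    if (n >= 2 && p[1] != 0x03) return PROTO_PLAIN;
    if (n >= 6 && p[5] != 0x01) return PROTO_PLAIN;
    return n >= 6 ? PROTO_TLS : PROTO_UNKNOWN;  /* short read: undecided */
}

/* Look at the first bytes without consuming them, so that either the
 * TLS library or the other protocol can then read the socket from the
 * start.  PROTO_UNKNOWN means fewer than 6 bytes had arrived; the
 * caller should wait for readability and peek again, under a timeout. */
enum proto peek_protocol(int fd)
{
    unsigned char buf[6];
    ssize_t n = recv(fd, buf, sizeof buf, MSG_PEEK);
    if (n <= 0) return PROTO_ERROR;             /* EOF or error */
    return classify_prefix(buf, (size_t)n);
}

int main(void)
{
    /* Constructed sample: start of a TLS record carrying a ClientHello. */
    static const unsigned char hello[] = { 0x16, 0x03, 0x01, 0x00, 0x2f, 0x01, 0x00 };
    unsigned char rest[16];
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return 1;
    if (write(sv[0], hello, sizeof hello) != (ssize_t)sizeof hello) return 1;
    printf("tls=%d\n", peek_protocol(sv[1]) == PROTO_TLS);
    /* The peek consumed nothing: all bytes are still readable. */
    printf("unread=%zd\n", read(sv[1], rest, sizeof rest));
    return 0;
}
```

A protocol in which the server speaks first gives the peek nothing to see until the client times out, so the timeout on the undecided state decides how such clients are treated.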

