SSL_read() returning SSL_ERROR_SYSCALL with errno 11 EAGAIN

Viktor Dukhovni openssl-users at
Thu May 2 06:25:27 UTC 2019

> On May 1, 2019, at 9:47 AM, John Unsworth <John.Unsworth at> wrote:
> Create a non-blocking TCP socket.
> Call SSL_new(), SSL_set_fd(), SSL_connect()
> Thereafter call SSL_read().
> Renegotiates handled by OpenSSL.

Can you be more specific about "Create a non-blocking TCP socket"?
That fully sets up the TCP connection?

Also, with the non-blocking connection, how do you decide when to read?
Are you using poll()? select()? epoll()?  And did they report available

In this particular case, was the client trying to read the initial
bytes of the server's reply having received nothing yet in response
to its query?  Or was it in the middle of reading a data stream?

When reading TLS records OpenSSL first reads the record layer
header which indicates the payload length, and then tries to read
that many bytes.  Does the server send the record layer header in
the same TCP segment as the payload, or in separate segments?

Do you know what protocol version was negotiated?  Are both ends
using OpenSSL?  What version on the server side? ...

Can you reproduce the problem after sufficiently many client
server interactions?  Can you get PCAP files of any problem


More information about the openssl-users mailing list