Question about thread safety and SSL_CTX* and its SSL*

Thomas Bailleux thomas.bailleux at
Tue Sep 27 16:35:47 UTC 2022

Hello OpenSSL.

I know that thread safety in OpenSSL is a much discussed topic. I have read several GitHub issues[1], Stack Overflow threads[2], and I have read the blog paper[3] too.

However, I am still facing issues when I use `SSL_CTX` and `SSL` objects.

I use `SSL_CTX` and `SSL` inside a threaded application. Threads are managed using pthread primitives.

Basically, I create a `SSL_CTX`, and I fill it depending on the TLS method.
At this point, the `SSL_CTX` is final. I never change it again.

Then, I create n `SSL`s from the `SSL_CTX`, and I spawn n pthreads. Each pthread takes the ownership of a single `SSL`. Finally, each
pthread is going to use its `SSL` object for establishing some TLS connections.
`SSL` objects never get destroyed, instead I use `SSL_clear` for kind of recycling them.

My question is: Is my app thread safe ? I wonder, because I am facing random null deref.
If I create a `SSL_CTX` for each thread, everything is fine.

Best regards,

Thomas B.

[1] <>
[2] <> 
[3] <> 

NB: I'am using OpenSSL 1.1.1, from git.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list