SSL handshake hanging

Helde, Paavo Paavo.Helde at PERKINELMER.COM
Tue Apr 18 09:31:54 UTC 2023

We are using openssl for client-side HTTP connections. Sometimes they get randomly hanging during SSL handshake. It looks like there are some network or server-side problems, earlier the same server was responding with an error like:

SSL_write() failed with error code: SSL_ERROR_SYSCALL

According to google this means: The SSL_ERROR_SYSCALL with errno value of 0 indicates unexpected EOF from the peer.

Later another request is made to the same server, which hangs indefinitely. Stack backtrace in gdb:

#0  0x00007ff999c54ab4 in read ()
#1  0x00007ff97c9f91b6 in sock_read ()
#2  0x00007ff97c9f7b70 in bread_conv ()
#3  0x00007ff97c9f67d1 in bio_read_intern ()
#4  0x00007ff97c9f68be in BIO_read ()
#5  0x00007ff97c983ff9 in ssl3_read_n ()
#6  0x00007ff97c9887fb in ssl3_get_record ()
#7  0x00007ff97c986aa1 in ssl3_read_bytes ()
#8  0x00007ff97c9c62c6 in tls_get_message_header ()
#9  0x00007ff97c9b7135 in read_state_machine ()
#10 0x00007ff97c9b6dec in state_machine ()
#11 0x00007ff97c9b68f2 in ossl_statem_connect ()
#12 0x00007ff97c9a14eb in SSL_do_handshake ()
#13 0x00007ff97c99d54c in SSL_connect ()

My question is, what I can do on the client side to debug the problem, or at least to avoid such hanging? I guess I can set socket read timeout beforehand, and reset it after handshake, or is there a better way? This is openssl 1.1, would it make sense to switch over to openssl 3.0? Or maybe I have missed some client-side configuration? Currently I'm using just these calls to add SSL capability to an open TCP socket (error handling left out from here for brevity):


const SSL_METHOD *method = TLS_client_method();
auto context_ = SSL_CTX_new(method);
SSL_CTX_set_verify(context_, SSL_VERIFY_PEER, MySSLVerifyCallback);
auto ssl_ = SSL_new(context_);
SSL_set_tlsext_host_name(ssl_, host.c_str());
SSL_set_fd(ssl_, socketHandle);

Any advice?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list