You're missing something. Non-blocking socket I/O is a facility provided by the OS. OpenSSL can make use of this by taking any EWOULDBLOCK and converting it to SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. This doesn't help much; it just means that the program using OpenSSL won't block on a read() or write() when the buffer's empty or full.

OpenSSL is not a true emulation of the socket layer of the OS. It has to do more work (public-key cryptography is more work than almost anything else outside of physics models), and there is a combination of several operations it has to do in the handshake, beyond the initial SYN|SYN/ACK and FIN|FIN/ACK of TCP. OpenSSL is a library which does not operate in its own thread (since it's impossible to guarantee threading semantics on all platforms it runs on), and thus cannot perform tasks in the background while other application code is running.

For more information on TLS 1.0, please see RFC 2246. This is the authoritative guide on when cryptographic operations are performed as part of TLS 1.0.

As an additional concept, you might wish to see if you can instrument the call to SSL_connect() to see if you can get the difference between user times (time spent executing user code) and kernel times (time spent executing system calls). The encryption is done entirely in software in OpenSSL (assuming you're not using the ENGINE code), and is entirely in user time.

The encryption phase (your round 2) relies on sending what it calculated to the client, and having the client verify it. That's why you have to wait for round 3 to be fully connected.

-Kyle H

On Thu, Aug 6, 2009 at 8:35 AM, Rij<rij.gh...@gmail.com> wrote:
>>
>> Setting up an SSL connection requires some computationally intensive
>> operations using public key algorithms and some others involving the setup of
>> digests and ciphers.
>>
>
> Thanks Steve for your response.
>
> I realize that. But isn't the objective of using non-blocking
> socket/bio so that the control returns to the application while
> OpenSSL runs all the algorithms? Am I missing something?
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-us...@openssl.org
> Automated List Manager                           majord...@openssl.org
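
The behaviour described in the reply above, as an added example that is not part of the original thread: it uses Python's `ssl` module (a wrapper around OpenSSL) rather than the C API, starts a client handshake on a non-blocking socket whose peer never answers, and records the user and system CPU time spent inside the handshake calls. The function name, the socket pair standing in for a TCP connection, and the hostname `example.test` are assumptions made for the illustration.

```python
import os
import socket
import ssl


def probe_nonblocking_handshake(attempts=2):
    """Start a TLS client handshake on a non-blocking socket with a silent peer.

    Returns (states, first_flight, user_seconds, system_seconds).
    """
    # Constructed setup: a local socket pair stands in for a TCP connection.
    # The peer end never replies, so the handshake cannot pass its first round.
    client_sock, peer = socket.socketpair()
    client_sock.setblocking(False)

    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    tls = ctx.wrap_socket(client_sock, server_hostname="example.test",
                          do_handshake_on_connect=False)
    states = []
    before = os.times()
    for _ in range(attempts):
        try:
            # All handshake work happens inside this call, on the caller's thread.
            tls.do_handshake()
            states.append("connected")
            break
        except ssl.SSLWantReadError:
            # The OS reported "no data yet"; OpenSSL surfaces it as WANT_READ.
            states.append("want_read")
        except ssl.SSLWantWriteError:
            states.append("want_write")
    after = os.times()

    # What the library wrote before it had to wait: the ClientHello record.
    first_flight = peer.recv(16384)
    tls.close()
    peer.close()
    return states, first_flight, after.user - before.user, after.system - before.system


if __name__ == "__main__":
    states, flight, user_s, sys_s = probe_nonblocking_handshake()
    print(states, len(flight), user_s, sys_s)
```

Calling the handshake a second time returns the same "want read" result because nothing progresses between calls; the application has to wait for the socket to become readable and call again.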