On Fri, Sep 12, 2014 at 11:42:51AM -0400, John Lane Schultz wrote:
> In my full-duplex, non-blocking application, I'd like to avoid renegotiation
> because my application doesn't need it and the complexity it seems to add.
>
> I was wondering, if neither side ever explicitly causes renegotiation to
> occur (e.g. - SSL_renegotiate), is it still possible with existing versions
> of the OpenSSL library for a SSL_read to yield a SSL_ERROR_WANTS_WRITE or
> a SSL_write to yield a SSL_ERROR_WANTS_READ? Without renegotiation, I
> didn't see any good reason why a read might need writeability (and vice
> versa) from the TLS protocol.
>
> I'm perfectly content with handling SSL_connect and SSL_accept returning
> both errors but would like to remove the additional logic that read needing
> writeability (and vice versa) causes if at all possible.
Current versions of the protocol might not need to perform writes to complete
a read, but TLS evolves, and future versions, possibly subject to future
extensions, may perform a periodic key exchange or other actions that violate
current assumptions. If you're writing something that's going to be around
for a long time, I think you need to be prepared for the general case.

--
	Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
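The "general case" Viktor recommends, as an added example that is not part of the thread: a retry loop that treats SSL_read and SSL_write symmetrically and simply waits for whichever socket event the last attempt asked for, so a read that wants writability (or a write that wants readability) costs no extra logic. It is written against Python's standard-library ssl module, which surfaces OpenSSL's SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE as ssl.SSLWantReadError / ssl.SSLWantWriteError. The ScriptedTLS stand-in, the function names and the scripted outcome sequences are constructed for this illustration; a real ssl.SSLObject or SSLSocket in non-blocking mode raises the same exceptions.

```python
"""Symmetric WANT_READ / WANT_WRITE handling for a non-blocking TLS loop.

Added illustration, not code from the thread. The only assumption it makes
about the TLS engine is the one Viktor states: any operation, read or write,
may report that it needs the socket readable or writable before it can finish.
"""
import selectors
import ssl

# Exception a non-blocking TLS call raises -> selector event to wait for
# before retrying that SAME call with the SAME arguments.
# (C API equivalents: SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE.)
WAIT_FOR = {
    ssl.SSLWantReadError: selectors.EVENT_READ,    # == 1
    ssl.SSLWantWriteError: selectors.EVENT_WRITE,  # == 2
}


def attempt(operation, *args):
    """Run one non-blocking TLS call.

    Returns ("done", result) on completion, ("wait", event) when the call
    must be retried unchanged once the socket is ready for `event`, or
    ("closed", None) when the peer sent a clean close_notify.
    """
    try:
        return "done", operation(*args)
    except ssl.SSLZeroReturnError:
        return "closed", None
    except (ssl.SSLWantReadError, ssl.SSLWantWriteError) as exc:
        return "wait", WAIT_FOR[type(exc)]


def drive(operation, wait_until_ready, *args, max_spins=100):
    """Retry `operation` until it completes, recording every event waited on.

    `wait_until_ready(event)` blocks until the socket is ready for `event`
    (one selectors.select() round in a real loop). Note that the loop never
    cares whether `operation` is a read or a write: it just waits for what
    the engine asked for. Returns (outcome, result, waits).
    """
    waits = []
    for _ in range(max_spins):
        state, value = attempt(operation, *args)
        if state != "wait":
            return state, value, waits
        waits.append(value)
        wait_until_ready(value)
    raise RuntimeError("no progress after %d retries" % max_spins)


class ScriptedTLS:
    """Constructed stand-in for an SSLObject used to exercise the loop offline.

    Each script entry is either an exception class to raise or a value to
    return; read() and write() consume the script in order.
    """
    def __init__(self, script):
        self._script = list(script)

    def _next(self):
        outcome = self._script.pop(0)
        if isinstance(outcome, type) and issubclass(outcome, BaseException):
            raise outcome()
        return outcome

    def read(self, n):
        return self._next()

    def write(self, data):
        return self._next()


def read_needing_write_example():
    """A read that first needs the socket *writable* (the renegotiation-style
    case from the thread), then readable, then delivers data."""
    tls = ScriptedTLS([ssl.SSLWantWriteError, ssl.SSLWantReadError, b"hello"])
    return drive(tls.read, lambda event: None, 4096)


def write_needing_read_example():
    """A write that first needs the socket *readable*, then reports 5 bytes sent."""
    tls = ScriptedTLS([ssl.SSLWantReadError, 5])
    return drive(tls.write, lambda event: None, b"hello")


def peer_closed_example():
    """Clean close_notify from the peer is reported as 'closed', not an error."""
    tls = ScriptedTLS([ssl.SSLZeroReturnError])
    return drive(tls.read, lambda event: None, 4096)


if __name__ == "__main__":
    print(read_needing_write_example())   # ('done', b'hello', [2, 1])
    print(write_needing_read_example())   # ('done', 5, [1])
    print(peer_closed_example())          # ('closed', None, [])
```

In a real event loop, `wait_until_ready` would re-register the socket with the selector for exactly the returned event and block in select(); the essential point is that the pending operation and its arguments are kept and re-issued unchanged, whichever direction the engine asked to wait on.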