[Top-posted because Outlook can't deal correctly with HTML email.] > Is this safe?
No. There's a lot of state in the SSL object (which is not an "SSL context", in OpenSSL terminology; the SSL_CTX object is an "SSL context"), and the SSL/TLS methods' write functions do not serialize access to it. Look at ssl3_write in ssl/s3_lib.c, for example, and consider what happens if two threads trigger renegotiation at the same time, or if two threads try to send the first message after the handshake. I can imagine applications where multiple threads write to the same SSL/TLS conversation (not everything is request-response), but in that case, the application layer will have to serialize access to the conversation. And remember that OpenSSL has to be built for thread safety, and that its error handling is thread-based, so each thread needs to check its error state. > Is the data delivered properly to the peer? Define "properly". If you just mean that sends shouldn't be interleaved, then serializing access to the conversation should suffice, since the underlying BIO is a streaming abstraction. Non-blocking I/O would complicate that - you'd have to ensure a send completes before releasing the conversation. Michael Wojcik Technology Specialist, Micro Focus From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of S P, Swaroop (NSN - IN/Bangalore) Sent: Tuesday, 30 September, 2014 09:46 To: openssl-users@openssl.org Subject: Thread Safety of ssl_write() Hi, We have a use-case where multiple threads are required to use the same SSL context [created using SSL_new()] and do a ssl_write(). So, there might be a scenario where two threads (or more) can be doing a ssl_write() on the same SSL context at exactly the same time. Is this safe? Is the data delivered properly to the peer? Regards, Swaroop Click here<https://www.mailcontrol.com/sr/MZbqvYs5QwJvpeaetUwhCQ==> to report this email as spam. This message has been scanned for malware by Websense. www.websense.com
