Well my hybrid threaded app now seems to be stable - even under extreme loads.
Here is what I did for others to refer: Comments *most* welcome. These steps allow me to link both builds of my program with the same non-threaded OpenSSL build. I.e. both the fork() and pthread_create() builds of my software. 1. Use my own BIO object (BIO_new) so that OpenSSL does not use socket ops - allows me to use the library asyncronously and avoids errno+threading issues. 2. Use my own RAND object (RAND_set_rand_method) so that OpenSSL does not try lock static globals. 3. Use my own EXDATA object (CRYPTO_set_ex_data_implementation(my_impl)) - this is a problem because the st_CRYPTO_EX_DATA_IMPL object is not declared in the header - you have to copy and paste it from the OpenSSL source. My EXDATA object is a dummy opject - it does nothing and asserts when you try do a dup. I'm not using ex_data in my app - and quite honestly I'm not really sure what it's for. 4. Disable all OpenSSL caching of sessions - (SSL_CTX_set_session_cache_mode (ctx, SSL_SESS_CACHE_NO_INTERNAL | SSL_SESS_CACHE_SERVER | SSL_SESS_CACHE_NO_AUTO_CLEAR)) use the callbacks ( SSL_CTX_sess_set_new_cb etc.) and handle session caching and session expiry myself. 5. Declare only one SSL_CTX context per thread. 6. Build OpenSSL with no-threads and -DOPENSSL_NO_LOCKING Am I doing anything completely insane here? -paul