On 11 Aug 2013, at 2:19 PM, Ahmed Charfeddine wrote: > It has been understood that the concurrent use of SSL_write and SSL_read is > dangerous. > However, is it correct to assume that the only crossing between these two > APIs happen at the handshake stage only ? > In other terms, once the SSL handshake stage has been completed, is it safe > to use these two APIs concurrently ?
No, this is not a safe assumption. Renegotiations can happen at any time during the middle of the connection. (I assume you are talking about a program which has several threads, one of which calls SSL_read() and one of which calls SSL_write() ?) ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
