Hello, I read from man page of SSL_read:
====================== If the underlying BIO is non-blocking, SSL_read() will also return when the underlying BIO could not satisfy the needs of SSL_read() to continue the operation. In this case a call to SSL_get_error(3) with the return value of SSL_read() will yield SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE. As at any time a re-negotiation is possible, a call to SSL_read() can also cause write operations! ====================== and from wiki about SSL/TLS: ====================== At any time, due to internal or external stimulus (either automation or user intervention), either side may renegotiate the connection, in which case, the process repeats itself. ====================== Suppose, at some stage, my client-side application just should only wait for new incoming data through secure connection. As I understand non-blocking SSL_read() may need write data sometimes. The simplest way to solve the problem is to enable EPOLLOUT and never disable it, But there is a PROBLEM: my application can always write to socket, so epoll_wait() will always return with EPOLLOUT at each iteration. As result I will get 100% CPU when my application just wait data. Another way is to enable EPOLLOUT only when I get WANT_WRITE from SSL_read() and disable EPOLLOUT at the next call of SSL_read(). Is that right solution? Could you show an example of handling WANT_WRITE in SSL_read() when only EPOLLIN is enabled? Thanks in advance ~Eldar ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org