Using SSL_read and SSL_write on parallel threads

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Using SSL_read and SSL_write on parallel threads

Raja Ashok-2
Hi All,

A TLS server application spawns 2 thread and handles 'n' number of TLS clients. All connections SSL_read operations are performed on one thread and SSL_write on another thread. To achieve this currently I lock the `SSL` connection handle. This application uses TLSv1.2 and TLSv1.3.

My question is does anyone uses SSL_read and SSL_write in parallel thread in much better way ?

Regards,
Raja Ashok
Reply | Threaded
Open this post in threaded view
|

Re: Using SSL_read and SSL_write on parallel threads

Viktor Dukhovni
On Wed, Dec 11, 2019 at 04:36:20PM +0530, Raja Ashok wrote:

> A TLS server application spawns 2 thread and handles 'n' number of TLS
> clients. All connections SSL_read operations are performed on one thread
> and SSL_write on another thread. To achieve this currently I lock the `SSL`
> connection handle. This application uses TLSv1.2 and TLSv1.3.
>
> My question is does anyone uses SSL_read and SSL_write in parallel thread
> in much better way ?

General best-practice is either an event based state-machine or one
thread per connection, with both the reads and the writes for a given
connection done in the same thread.

If for some reason you have to separate the reads and writes into
separate threads, then indeed locks are required, but then a blocked
reader can starve the write side and vice versa.

If the connection is non-blocking, then you must deal with
SSL_ERROR_WANT_READ and SSL_ERROR_WANT_WRITE in both threads, waiting
for the socket to become readable or writable before retrying the
operation.

--
    Viktor.