[Top-posted because Outlook can't deal correctly with HTML email.]
No. There's a lot of state in the SSL object (which is not an "SSL context", in OpenSSL terminology; the SSL_CTX object is an "SSL context"), and the SSL/TLS methods' write functions do not serialize access to it. Look at ssl3_write in ssl/s3_lib.c, for example, and consider what happens if two threads trigger renegotiation at the same time, or if two threads try to send the first message after the handshake.

I can imagine applications where multiple threads write to the same SSL/TLS conversation (not everything is request-response), but in that case, the application layer will have to serialize access to the conversation. And remember that OpenSSL has to be built for thread safety, and that its error handling is thread-based, so each thread needs to check its error state.
Define "properly". If you just mean that sends shouldn't be interleaved, then serializing access to the conversation should suffice, since the underlying BIO is a streaming abstraction. Non-blocking I/O would complicate that - you'd have to ensure a send completes before releasing the conversation.

Michael Wojcik
Technology Specialist, Micro Focus


From: owner-openssl-users-MCmKBN63+***@public.gmane.org [mailto:owner-openssl-***@openssl.org] On Behalf Of S P, Swaroop (NSN - IN/Bangalore)
Sent: Tuesday, 30 September, 2014 09:46
To: openssl-users-MCmKBN63+***@public.gmane.org
Subject: Thread Safety of ssl_write()

Hi,

We have a use-case where multiple threads are required to use the same SSL context [created using SSL_new()] and do a ssl_write().
So, there might be a scenario where two threads (or more) can be doing a ssl_write() on the same SSL context at exactly the same time.
Is this safe?
Is the data delivered properly to the peer?

Regards,
Swaroop



Click here<https://www.mailcontrol.com/sr/MZbqvYs5QwJvpeaetUwhCQ==> to report this email as spam.


This message has been scanned for malware by Websense. www.websense.com

Hi,

It is unsafe to access SSL context from 2 different threads. When you
call SSL_write function, the SSL context object state is changed.
Probably you can end up in case that data is not delivered to the peer.

Kris

On Tue, 2014-09-30 at 13:46 +0000, S P, Swaroop (NSN - IN/Bangalore)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users-MCmKBN63+***@public.gmane.org
Automated List Manager majordomo-MCmKBN63+***@public.gmane.org