Yahel Zamir wrote:
> Hi Everyone,
>
> I have noted an important limitation of OpenSSL, and I would like to make
> sure that this limitation does not exist with NSS.
>
> What I need is the ability to use one thread for writing to an SSL socket in
> blocking mode, and another thread for reading from the same socket, and let
> them run without synchronization (no mutex).
>
> The OpenSSL API says that in blocking mode, two threads are not allowed to
> use the same SSL connection object at the same time (for instance, for read
> and write). This is mentioned in their FAQ -
> http://www.openssl.org/support/faq.html#PROG1, and it is discussed here -
> http://www.mail-archive.com/openssl-users@openssl.org/msg46791.html
>
> Some context - I am a SW Engineer at a company named CWNT, developing HW+SW
> device that needs secure connectivity, and we would like to use Mozilla NSS
> for that purpose, rather than OpenSSL - mainly because of the reason
> mentioned above.

NSS's SSL library was written to be able to handle two-way-simultaneous
(or so-called "full duplex" or FDX) operation, on blocking or non-blocking
sockets. NSS's "selfserv" and "strsclnt" test programs have code to test
this feature. See
http://lxr.mozilla.org/security/search?string=SSL_ENABLE_FDX

But I am not aware of any real products that presently use the feature.
I doubt that our nightly QA testing tests it. So I cannot say with great
confidence that it is 100% OK. But it should work, and should be fixable
if it doesn't.

The feature must be enabled on the socket as an SSL socket option.
Look at how strsclnt does it.

> Yahel.

--
Nelson B
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto