> On May 1, 2019, at 9:47 AM, John Unsworth <John.Unsworth@xxxxxxxxxxxxxxx> wrote:
>
> Create a non-blocking TCP socket.
> Call SSL_new(), SSL_set_fd(), SSL_connect()
> Thereafter call SSL_read().
> Renegotiates handled by OpenSSL.

Can you be more specific about "Create a non-blocking TCP socket"? That fully sets up the TCP connection?

Also, with the non-blocking connection, how do you decide when to read? Are you using poll()? select()? epoll()? And did they report available data?

In this particular case, was the client trying to read the initial bytes of the server's reply having received nothing yet in response to its query? Or was it in the middle of reading a data stream?

When reading TLS records OpenSSL first reads the record layer header which indicates the payload length, and then tries to read that many bytes. Does the server send the record layer header in the same TCP segment as the payload, or in separate segments?

Do you know what protocol version was negotiated? Are both ends using OpenSSL? What version on the server side? ...

Can you reproduce the problem after sufficiently many client server interactions? Can you get PCAP files of any problem cases?

--
Viktor.
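
The header-then-payload read described in the message above, as an added example (not code from this thread and not OpenSSL's implementation): a simplified model of record reassembly showing why a socket can be reported readable several times before one whole TLS record is available, each earlier attempt being the situation a non-blocking `SSL_read()` reports as `SSL_ERROR_WANT_READ`. The names `rec_reader`, `rec_feed` and `events_until_record` are hypothetical, and the sample record is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TLS_HDR_LEN 5u                    /* type(1) + version(2) + length(2) */
#define TLS_MAX_FRAGMENT (16384u + 2048u) /* TLS 1.2 ciphertext fragment limit */

enum rec_status { REC_NEED_MORE, REC_READY, REC_BAD_LENGTH };
struct rec_reader { uint8_t buf[TLS_HDR_LEN + TLS_MAX_FRAGMENT]; size_t have; };

/* Feed the bytes of one TCP segment. Consumes at most up to the end of the
 * current record; *used reports how many bytes of seg were taken. */
enum rec_status rec_feed(struct rec_reader *r, const uint8_t *seg, size_t len, size_t *used)
{
    *used = 0;
    if (r->have < TLS_HDR_LEN) {               /* stage 1: finish the header */
        size_t n = TLS_HDR_LEN - r->have;
        if (n > len) n = len;
        memcpy(r->buf + r->have, seg, n);
        r->have += n; *used = n;
        if (r->have < TLS_HDR_LEN) return REC_NEED_MORE;
    }
    size_t payload = ((size_t)r->buf[3] << 8) | r->buf[4]; /* declared length */
    if (payload > TLS_MAX_FRAGMENT) return REC_BAD_LENGTH; /* never trust it blindly */
    size_t want = TLS_HDR_LEN + payload - r->have;         /* stage 2: payload */
    size_t n = len - *used;
    if (n > want) n = want;
    memcpy(r->buf + r->have, seg + *used, n);
    r->have += n; *used += n;
    return r->have == TLS_HDR_LEN + payload ? REC_READY : REC_NEED_MORE;
}

/* Constructed sample: one application-data record (type 23, version 0x0303)
 * with 8 opaque payload bytes, delivered in segments of `chunk` bytes.
 * Returns how many "socket readable" events pass before a whole record is
 * available, or -1 if that never happens. */
int events_until_record(size_t chunk)
{
    static const uint8_t rec[] = { 23, 3, 3, 0, 8, 1, 2, 3, 4, 5, 6, 7, 8 };
    struct rec_reader r = { .have = 0 };
    int events = 0;
    for (size_t off = 0; off < sizeof rec && chunk > 0; ) {
        size_t n = sizeof rec - off < chunk ? sizeof rec - off : chunk, used;
        enum rec_status st = rec_feed(&r, rec + off, n, &used);
        events++;
        off += used;
        if (st == REC_READY) return events;
        if (st == REC_BAD_LENGTH) return -1;
    }
    return -1;
}
```

With the header and payload in one segment a single readable event yields the record; with the header in its own 5-byte segment the first event yields nothing the application can use.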