On 02/10/2019 03:10, Christian Mazakas wrote: > I'm relatively new to the world of OpenSSL. > > I'm trying to write a QUIC stream class and for that, I need to use the > EVP_PKEY_CTX and I'm not sure what's the optimal way of scoping instances of > this context. > > For example, should I have a CTX per Quic connection? Or rather one that's > shared by many in a thread-safe manner? What's the cost of generating one per > connection? Are there docs where I can read about this kind of stuff? There are no hard and fast rules on this as much is going to depend on the particular application. However EVP_PKEY_CTX creation is not particularly expensive. As a point of reference libssl creates and destroys these on a temporary basis per connection. Most likely the overhead of trying to share these between multiple threads, and the locking that would therefore be required, is not going to be worth it. Matt
