On Wed, Jan 04, 2023 at 07:55:14AM -0800, Christian Mazakas wrote: > I'm using manually managed BIO pairs. You've not understood how to use these. With bio_pair plumbing, all SSL_read/SSL_write operations eventually trigger SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE errors, indicating that the the external side of the BIO pair is empty or full. *You* then have to explicitly fill or drain the buffer, reading data from the peer or sending data to the peer. You can't connect the server SSL handle and client SSL handle to the same bio pair. They each need their own, and you'll need a loop copying data between them. Note also that an SSL_read() may generate also WANT_WRITE events, and SSL_write() may generate WANT_READ events. Your "fake" I/O loop needs to handle any eventuality. -- Viktor.