Is Python SSL API thread-safe?

Grant Edwards grant.b.edwards at gmail.com
Sat Jan 28 15:02:48 EST 2017


On 2017-01-22, Christian Heimes <christian at python.org> wrote:
> OpenSSL and Python's ssl module are thread-safe. However IO is not
> safe concerning reentrancy. You cannot safely share a SSLSocket
> between threads without a mutex. Certain aspects of the TLS protocol
> can cause interesting side effects. A recv() call can send data
> across a wire and a send() call can receive data from the wire,
> e.g. during re-keying.

And it looks to me like the Python SSL module does all of that. It
provides mutexes and thread ID and locking callbacks as described in
the page below:

  https://www.openssl.org/docs/man1.0.2/crypto/threads.html

According to that page above it's safe to share the socket between
threads:

  OpenSSL can safely be used in multi-threaded applications provided
  that at least two callback functions are set, locking_function and
  threadid_func.

The Python ssl module code does that, so Python ssl sockets should be
thread safe.

Can you explain why you disagree?

Can you provide example code that demonstrates a failure?

> In order to achieve reentrancy, you have to do all IO yourself by
> operating the SSL connection in non-blocking mode or with a
> Memory-BIO https://docs.python.org/3/library/ssl.html#ssl-nonblocking

That section is about how to work with non-blocking sockets. I'm not
using non-blocking sockets.
-- 
Grant Edwards               grant.b.edwards at gmail.com
Yow! Now I'm concentrating on a specific tank battle toward the end of World War II!
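
The arrangement described in the quoted reply (a mutex around every call on the shared socket, with the connection in non-blocking mode), as an added example that is not part of the original thread or of Python's ssl module. The class name `SharedTLSSocket` and its `poll` parameter are hypothetical, and it assumes a connected `ssl.SSLSocket` whose handshake has already completed.

```python
import select
import ssl
import threading


class SharedTLSSocket:
    """Let several threads use one TLS connection (hypothetical helper).

    Assumes `sock` is a connected ssl.SSLSocket whose handshake is done.
    """

    def __init__(self, sock, poll=0.5):
        sock.setblocking(False)            # never block while holding the lock
        self._sock = sock
        self._poll = poll                  # re-check interval for missed wakeups
        self._io = threading.Lock()        # one thread inside the SSL object at a time
        self._writer = threading.Lock()    # one sendall() in flight at a time

    def _call(self, op, arg, plain_wait):
        while True:
            with self._io:
                try:
                    return op(arg)
                except ssl.SSLWantReadError:
                    want = "r"             # TLS layer needs bytes from the wire
                except ssl.SSLWantWriteError:
                    want = "w"             # TLS layer needs to flush bytes
                except BlockingIOError:    # plain (non-TLS) socket, e.g. in a test
                    want = plain_wait
            # Wait with the lock released so other threads can make progress.
            rd, wr = ([self._sock], []) if want == "r" else ([], [self._sock])
            select.select(rd, wr, [], self._poll)

    def recv(self, n):
        # A recv() may report "want write": the TLS layer must send first.
        return self._call(self._sock.recv, n, "r")

    def sendall(self, data):
        # A TLS write that reported "want" must be retried with the same
        # bytes, so no other writer may run until this one completes.
        view = memoryview(data)
        with self._writer:
            while view:
                sent = self._call(self._sock.send, view, "w")
                view = view[sent:]
```

Because the lock is dropped while waiting, a thread parked in `recv()` does not stop another thread from calling `sendall()` on the same connection.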

