shutdown problem between cyassl - openssl

  • Visibilis

    Visibilis - 2010-10-01


    I would like to ask for help with the following problem:

    I need to reuse the transport layer (TCP socket, currently) doing several (SSL_new, SSL_connect/accept, sending data to and from, SSL_shutdown, SSL_free) sessions one after the other.
    If both client and server are cyassl only (or openssl only), it works flawlessly.
    But if the client is cyassl and the server is openssl (or vice versa), there are problems after the first session.

    Thank you in advance,


  • Todd Ouska

    Todd Ouska - 2010-10-01

    CyaSSL doesn't support reuse of the underlying connection in the exact same way that OpenSSL does through the use of SSL_shutdown() in two phases.  That is something we can change.

    But I'm curious.  If you know you're going to be reusing the underlying connection why not just leave it open in the first place?

  • Visibilis

    Visibilis - 2010-10-05

    I need this, for example, because I would like to use an external session cache. The cache should be able to work with OpenSSL, as well. I would like to use the cache along the lines of i2d_SSL_SESSION and d2i_SSL_SESSION.
    One use case would be to start an SSL session, shut it down, and open a new SSL session using the serialized session from the external cache. All using one underlying connection.

  • Todd Ouska

    Todd Ouska - 2010-10-05

    That's not going to be possible, I think.  A session cache is implementation-specific; there's no standard for what and how to store it.  That is, you can't use the same session cache with OpenSSL, gnuTLS, yaSSL etc…  Further, CyaSSL doesn't support an external session cache since it's intended for embedded use.  That's not to say it won't in the future, but we haven't had any requests for it yet.

  • Visibilis

    Visibilis - 2010-10-08

    Thank you for your kind reply.

    Could you give me a hint what I should do to be able to reuse the underlying connection with cyassl?
    Will you implement it, if I ask you nicely? :)

  • Todd Ouska

    Todd Ouska - 2010-10-11

    Using CyaSSL on both ends is one solution.  Not calling SSL_shutdown on either end may be another.

    At some point we'll update CyaSSL to handle this situation but we're very busy with customers and potential customers at the moment so I can't give an estimate of when that will be.

  • Visibilis

    Visibilis - 2010-10-13

    Both of these are sensible solutions, but neither of them works for me, unfortunately.
    I am glad to hear that you plan to update CyaSSL.
    If you don't mind, I will write a feature request, so that it won't get forgotten.

  • Todd Ouska

    Todd Ouska - 2010-10-13

    Fair enough.  Please do enter a request.

  • Todd Ouska

    Todd Ouska - 2010-10-18

    Hey, since you have a few feature requests and ideas about yaSSL do you want to talk them through?  We can determine how quickly we complete them and set priorities for each. 

    You can send me email at or we'll be available this week on skype, handle stefonic.

