Is there any way to flush the SSL write buffer

Where did you learn that the write buffer would need to be flushed after a write?

I was also looking for a flush function, but could not find one.

I think it works like this: Every call to SSL_write produces at least one SSL record and emits that out to the socket, where the nagle algorithm might buffer it in the kernel for a moment and quickly submits it to the outside.

So there is no buffering in SSL_write and therefore no flush!

I'd rather have a flush function and fill all SSL records to the brim, but that's not available as far as I see. I now plan to do my own buffering and to do as large calls to SSL_write as possible.

BTW: I just wrote a little test program: It sends a buffer with one write and then I ran it again, calling SSL_write for each character. Both times I run tcpdump and in Wireshark I could see that the first run had few large application data records and the second run had many small records. So I think it's confirmed.


BIO_flush is used to flush write data.

Your mix and match of BIO_flush and SSL_read/write is problematic because the BIO structure is not aware of your SSL_read/write calls.

You'll get much better results from using BIO_read/write.

If you absolutely need to be using SSL_read/write you should avoid using BIOs.

I think you'll get much farther with the example at the end of this OpenSSL documentation.

Simple OpenSSL Client Example

If you're still getting crashes when trying that example, you might be having issues with the particular library build you are using.

Tags:

Openssl