Is it OK if the same OpenSSL context is used by several different accepting sockets?

In particular I'm using the same boost::asio::ssl::context with 2 different listening sockets.

+1  A: 

Yep, SSL_CTX--which I believe is the underlying data structure--is just a global data structure used by your program. From ssl(3):

SSL_CTX (SSL Context)

That's the global context structure which is created by a server or client once per program life-time and which holds mainly default values for the SSL structures which are later created for the connections.

sixlettervariables
Do you mean yes it is ok because of that reason?
Brian R. Bondy
@Brian R. Bondy: I updated it to change the language...since I botched the 'Nope' part! Thanks.
sixlettervariables
+1  A: 

It should be OK.

For example, a typical RFC 4217 FTPS server will use the same SSL context for the control socket and all data sockets within that session.

slim
Great, thanks for the example.
Brian R. Bondy
Only within that session? Or within all sessions of the server?
Brian R. Bondy