Socket and SSLSocket thread safety
Florian Weimer
fw at deneb.enyo.de
Sat Oct 19 13:41:52 UTC 2019
If I'm not mistaken, there are currently no concurrency guarantees in
the spec for Socket and SSLSocket.
Specifically, I'm interested whether two different threads can use the
the streams returned by getInputStream() and getOutputStream() without
synchronization. (This is useful for implementing full-duplex
connections without having to wrestle with SSLEngine.)
Peeking at the implementation of SSLSocket, I see that there is quite
a bit of locking performed in there. Is this expected to be
sufficient for the scenario I outlined?
More information about the security-dev
mailing list