+1 for mutual authentication, I would use this. Can the TLS handshake be made to respect timeouts on sockets, or would this require changes deep inside OpenSSL? Graham