Is Python SSL API thread-safe?

Grant Edwards grant.b.edwards at
Sat Jan 28 15:02:48 EST 2017

On 2017-01-22, Christian Heimes <christian at> wrote:

> OpenSSL and Python's ssl module are thread-safe. However IO is not
> safe concerning reentrancy. You cannot safely share a SSLSocket
> between threads without a mutex. Certain aspects of the TLS protocol
> can cause interesting side effects. A recv() call can send data
> across a wire and a send() call can receive data from the wire,
> e.g. during re-keying.

And it looks to me like the Python SSL module does all of that.  It
provides mutexes and thread ID and locking callbacks as described in
the page below:

According to that page above it's safe to share the socket between

   OpenSSL can safely be used in multi-threaded applications provided
   that at least two callback functions are set, locking_function and

They python ssl module code does that, so python ssl sockets should be
thread safe.

Can you explain why you disagree?

Can you provide example code that demonstrates a failure?

> In order to archive reentrancy, you have to do all IO yourself by
> operating the SSL connection in non-blocking mode or with a
> Memorio-BIO

That section is about how to work with non-blocking sockets.  I'm not
using non-blocking sockets.

Grant Edwards               grant.b.edwards        Yow! Now I'm concentrating
                                  at               on a specific tank battle
                                toward the end of World
                                                   War II!

More information about the Python-list mailing list