Thank you for the response.

I was under the (probably incorrect) assumption that wolfSSL_read() may do both reads and writes on the underlying transport.  Same with wolfSSL_write().  If this is *not* the case and SSL_read only does reads and SSL_write only does writes, then things get a little easier.

Still wrapping my head around all the details.  One aspect I struggle with is breaking a select() call when a packet comes in on CAN hardware.  On Linux I would use a pipe to patch into the select(), but that's not available in this environment.  My solution of last resort will be to use non-blocking sockets in a polling loop, but I would prefer to do something more elegant and less busy.

I have a standard TCP socket application running with lwIP and FreeRTOS, and I would like to secure it with wolfSSL embedded SSL.

The application is a CAN packet relay, so we don't know if the next I/O over the network will be a read or a write.  I currently implement this by having 1 thread dedicated to reading the socket and another thread for writing.

As I understand it, this will not work for wolfSSL.  Protecting read/write with a mutex will also not work, because the reader thread will hold the mutex and block the writer until something is received.

So my question is, what is a good way to do random read/write with wolfSSL?

Thanks,
Dan.