Lindsay Stewart

Do you know what version of Openssl you're using as libcrypto? If not, can you add `printf("%s", SSLeay_version(SSLEAY_VERSION))` to your code? And is this now building with the latest s2n-tls...

That's an unexpected development. s2n-tls doesn't actually support openssl-3.0 yet-- I'm curious how you're building with it. The known build failures are documented [here](https://github.com/aws/s2n-tls/issues/3082), and we have a developer working...

Ah but that's probably to do with how you're building s2n-tls vs how you're building your code and where you're calling the method to get the version. There is this...

All your debug info points to s2n_init being called twice, which we know (and document) is illegal and will fail. It's likely that something in your application code or one...

> I think you could write a test to run s2n_init and free in a loop to reproduce the problem. We have a test like that: https://github.com/aws/s2n-tls/blob/main/tests/unit/s2n_init_test.c

https://github.com/aws/s2n-tls/pull/3027 addresses all issues called out here: - Sets "managed_io" flags separately for send and recv - Fixes the memory leak where the managed io context isn't cleaned up if...

sizeof(struct s2n_connection) is currently ~4k. We're still (and probably always) looking to improve, but I'm going to close this ticket as out of date.

> Even if flush would be exported, applications would need to be changed to make use of it and to deal with the fact that the write return value does...

> if the current API is actually not meeting the expected behavior by customers , i would be more inclined to fix it. However, if the fix might break customers'...

@raycoll, did you end up resolving this issue by adding a new policy, or do you still want to change this existing policy?