[ruby-core:113031] [Ruby master Feature#19553] Document thread-safety of OpenSSL related classes such as OpenSSL::PKey::RSA or OpenSSL::Cipher etc

Issue #19553 has been reported by rupert (Robert Pankowecki).

----------------------------------------
Feature #19553: Document thread-safety of OpenSSL related classes such as OpenSSL::PKey::RSA or OpenSSL::Cipher etc
https://bugs.ruby-lang.org/issues/19553

* Author: rupert (Robert Pankowecki)
* Status: Open
* Priority: Normal
----------------------------------------
From the ruby documentation it is not clear if these objects can be used (i.e. when assigned to a constant) by multiple threads. Especially for the respective encrypting/decrypting method after those objects are fully initialized with keys etc.

If you look at what OpenSSL::PKey::RSA#private_encrypt does, it uses RSA_private_encrypt method from openssl: https://www.openssl.org/docs/man1.1.1/man3/RSA_private_encrypt.html . Which also is not documented in relation to thread-safety.

The only thing that I found so far about this subject is:

> OpenSSL can generally be used safely in multi-threaded applications provided that at least two callback functions are set, the locking_function and threadid_func. Note that OpenSSL is not completely thread-safe, and unfortunately not all global resources have the necessary locks. Further, the thread-safety does not extend to things like multiple threads using the same SSL object at the same time.

from https://www.openssl.org/docs/man1.0.2/man3/threads.html

which on itself does not help much because:

* it is vague (not clear what's the meaning of both "SSL object" and "at the same time")
* I do not know if Ruby provides locking_function and threadid_func, perhaps it does https://github.com/ruby/ruby/blob/99d0a257af54aa819c6ced5f1ff8ff37e3d5342b/e... ?
* I am not sure what's the impact of GIL on all this

Looking at how Rails uses OpenSSL related objects, it seems that creating a new instance every time is the recommended approach. Can you confirm?

--
https://bugs.ruby-lang.org/
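
The pattern the report mentions at the end, a new cipher instance for every operation, as an added example (not code from the report, from Ruby or from Rails). Only the raw key bytes are shared between threads; `KEY`, `encrypt_message`, `decrypt_message` and `concurrent_round_trip` are hypothetical names, and the example does not settle whether a shared instance would be safe.

```ruby
require "openssl"

# Constructed sample key. The only thing threads share is this frozen String
# of key bytes, never an OpenSSL::Cipher object.
KEY = OpenSSL::Random.random_bytes(32).freeze

# Hypothetical helper: a fresh OpenSSL::Cipher per call, so its internal state
# (key schedule, IV, buffered block, tag) is never visible to another thread.
def encrypt_message(key, plaintext)
  cipher = OpenSSL::Cipher.new("aes-256-gcm")
  cipher.encrypt
  cipher.key = key
  iv = cipher.random_iv            # new random nonce for every message
  cipher.auth_data = ""            # no associated data in this example
  data = cipher.update(plaintext) + cipher.final
  { iv: iv, tag: cipher.auth_tag, data: data }
end

# Hypothetical helper: again a fresh instance; #final raises
# OpenSSL::Cipher::CipherError if the tag or ciphertext was modified.
def decrypt_message(key, msg)
  cipher = OpenSSL::Cipher.new("aes-256-gcm")
  cipher.decrypt
  cipher.key = key
  cipher.iv = msg[:iv]
  cipher.auth_tag = msg[:tag]
  cipher.auth_data = ""
  cipher.update(msg[:data]) + cipher.final
end

# Runs many encrypt/decrypt round trips in parallel threads and returns
# [plaintext, decrypted, iv] triples so the caller can check every one.
def concurrent_round_trip(threads: 8, per_thread: 50)
  workers = Array.new(threads) do |t|
    Thread.new do
      Array.new(per_thread) do |i|
        plaintext = "thread=#{t} message=#{i}"
        msg = encrypt_message(KEY, plaintext)
        [plaintext, decrypt_message(KEY, msg), msg[:iv]]
      end
    end
  end
  workers.flat_map(&:value)        # Thread#value joins and returns the block result
end
```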