From af1bf4b4966cf39890696eea8661cc4313dd32c5 Mon Sep 17 00:00:00 2001
From: jiangrujie <jiangrujie@bytedance.com>
Date: Tue, 23 Sep 2025 19:53:06 +0800
Subject: [PATCH 1/2] + Remove BIO for SSL

---
 src/brpc/socket.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/brpc/socket.cpp b/src/brpc/socket.cpp
index 6de247c388..73ea309a71 100644
--- a/src/brpc/socket.cpp
+++ b/src/brpc/socket.cpp
@@ -2049,7 +2049,12 @@ int Socket::SSLHandshake(int fd, bool server_mode) {
             }
 
             _ssl_state = SSL_CONNECTED;
-            AddBIOBuffer(_ssl_session, fd, FLAGS_ssl_bio_buffer_size);
+            // Adding a BIO layer requires calling BIO_flush manually after SSL_write,
+            // which could trigger EAGAIN for large packets. However, it's very tedious
+            // to handle EAGAIN from both SSL_write and BIO_flush under current implementation.
+            // Also, BIO is a bit outdated for modern TCP as it already contains buffering.
+            // We decide to disable BIO.
+            // AddBIOBuffer(_ssl_session, fd, FLAGS_ssl_bio_buffer_size);
             return 0;
         }
 

From 7f8a0bbaf6e13210032b981eb1c017e77a1e13dc Mon Sep 17 00:00:00 2001
From: jiangrujie <jiangrujie@bytedance.com>
Date: Wed, 24 Sep 2025 10:23:12 +0800
Subject: [PATCH 2/2] + remove BIO_flush

---
 src/butil/iobuf.cpp | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/src/butil/iobuf.cpp b/src/butil/iobuf.cpp
index 5ad1356653..26046e3745 100644
--- a/src/butil/iobuf.cpp
+++ b/src/butil/iobuf.cpp
@@ -929,16 +929,17 @@ ssize_t IOBuf::cut_multiple_into_SSL_channel(SSL* ssl, IOBuf* const* pieces,
     }
 
 #ifndef USE_MESALINK
-    // Flush remaining data inside the BIO buffer layer
-    BIO* wbio = SSL_get_wbio(ssl);
-    if (BIO_wpending(wbio) > 0) {
-        int rc = BIO_flush(wbio);
-        if (rc <= 0 && BIO_fd_non_fatal_error(errno) == 0) {
-            // Fatal error during BIO_flush
-            *ssl_error = SSL_ERROR_SYSCALL;
-            return rc;
-        }
-    }
+    // BIO is disabled for now (see socket.cpp) and the following implementation is
+    // NOT correct since it doesn't handle the EAGAIN event of BIO_flush
+//    BIO* wbio = SSL_get_wbio(ssl);
+//    if (BIO_wpending(wbio) > 0) {
+//        int rc = BIO_flush(wbio);
+//        if (rc <= 0 && BIO_fd_non_fatal_error(errno) == 0) {
+//            // Fatal error during BIO_flush
+//            *ssl_error = SSL_ERROR_SYSCALL;
+//            return rc;
+//        }
+//    }
 #else
     int rc = SSL_flush(ssl);
     if (rc <= 0) {