Use OpenSSL 1.1.0 ASYNC engine support
OpenSSL 1.1.0 will add a neat feature:
*) Added ASYNC support. Libcrypto now includes the async sub-library to enable
cryptographic operations to be performed asynchronously as long as an
asynchronous capable engine is used. See the ASYNC_start_job() man page for
further details. Libssl has also had this capability integrated with the
introduction of the new mode SSL_MODE_ASYNC and associated error
SSL_ERROR_WANT_ASYNC. See the SSL_CTX_set_mode() and SSL_get_error() man
pages. This work was developed in partnership with Intel Corp.
[Matt Caswell]
If this works the way I imagine it would, we could have OpenSSL stick the RSA/DH/ECDH operations for TLS in another thread (for performance) or even in another process (for isolation).