On Tue, Sep 10, 2019 at 6:04 PM Alex Christensen via Boost wrote:

At https://github.com/boostorg/asio/pull/283 https://github.com/boostorg/asio/pull/283 I’ve attached a proof-of-concept which explores making ASIO secure by default.

This looks like nonsense to me. `asio::ssl::stream` is a layered stream [1] which is implemented in terms of operations on an instance of the NextLayer type. For example, given: asio::ssl::streamtcp::socket ss{...}; the next layer type is tcp::socket, which meets the requirements of SyncReadStream, SyncWriteStream, AsyncReadStream, and AsyncWriteStream. Asio's ssl::stream can work with any type which meets the requirements. Here's an example that uses Beast's test stream [2]: asio::ssl::streambeast::test::stream ss{...}; What you have done is ignore the elegant concept-driven design of Asio, and instead invest energy to pursue some religious agenda ("secure by default"). The result is a less functional networking component. Here's are two more examples which cannot be implemented with your design: This one provides real-time counts of encrypted bytes read and written [3] asio::ssl::streamtcp::socket> ss{...}; This one supports inline timeouts, delivered as the error code beast::error::timeout [4]: asio::ssl::streambeast::tcp_stream ss{...}; You should have come to me first so I could spare you the wasted effort by explaining that your design is crippled out of the box. It isn't too late, I am more than happy to help you find more productive uses of your time. Regards [1] https://www.boost.org/doc/libs/1_71_0/libs/beast/doc/html/beast/using_io/lay... [2] https://www.boost.org/doc/libs/1_71_0/libs/beast/doc/html/beast/ref/boost__b... [3] https://www.boost.org/doc/libs/1_71_0/libs/beast/doc/html/beast/using_io/lay... [4] https://www.boost.org/doc/libs/1_71_0/libs/beast/doc/html/beast/using_io/tim...