The API that ASIOSession exposes to perform SSL handshake (i.e., handshakeSSLForEgressWithLock) comprises two steps:

• Constructing a SSL socket from the existing socket.
• Initiating handshake and returning a future.

To support concurrent accesses to the socket object (e.g., from timers that enforce a timeout for the SSL handshake), the first step is done while holding a mutex:

Future<void> TransportLayerASIO::ASIOSession::handshakeSSLForEgressWithLock(
    stdx::unique_lock<Latch> lk, const HostAndPort& target, const ReactorHandle& reactor) {
    ...
    _sslSocket.emplace(std::move(_socket), *_sslContext->egress, removeFQDNRoot(target.host()));
    lk.unlock();
    ...
    return doHandshake().then([this, target, reactor] {
        ...
    });
}

Separating these steps and ensuring the SSL socket is constructed before setting up timers would obviate the need for having the mutex.