@okba Thank you for your question!
mbedtls_ssl_write() encrypts the data and
mbedtls_ssl_read() decrypts and checks the data…
This is very much dependent on the negotiated cipher suite.
If, for example, you are using AES and HASH, then the crypto operations are not symmetric, as AES encryption and AES decryption may not necessarily have the same throughput.
If you have negotiated a ciphersuite with AEAD (as you probably have), such as GCM, then the encryption and decryption are symmetrical; however, when decrypting, after generating the MAC, you also compare it.
However, the functions of
mbedtls_ssl_write() are not symmetrical at all.
Assuming we already have a negotiated TLS session,
mbedtls_ssl_write() just writes the record by calling
mbedtls_ssl_read(), after reading the record adds much more checking of the given data.
After all, you know what you are sending, but you don’t know what you are receiving.
mbed TLS Team member
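
The write/read asymmetry described in the reply above, as an added illustration that is not part of the original post and is not Mbed TLS code: the sender only fills in a TLS 1.2 record header, while the receiver validates every field and compares the authentication tag. The names `rec_write_header`, `rec_parse_header` and `ct_tag_equal` are hypothetical, and the sample record is constructed.

```c
#include <stddef.h>
#include <stdint.h>

#define REC_HDR_LEN 5
#define REC_MAX_CIPHERTEXT (16384 + 2048) /* RFC 5246 cap on TLSCiphertext.length */

enum rec_status { REC_OK = 0, REC_SHORT, REC_BAD_TYPE, REC_BAD_VERSION, REC_BAD_LENGTH };

/* Sender side: we chose every field ourselves, so nothing needs validating. */
size_t rec_write_header(uint8_t *out, uint8_t type, uint16_t payload_len)
{
    out[0] = type;
    out[1] = 3; out[2] = 3;                 /* record version 3.3 = TLS 1.2 */
    out[3] = (uint8_t)(payload_len >> 8);
    out[4] = (uint8_t)(payload_len & 0xff);
    return REC_HDR_LEN;
}

/* Receiver side: every field comes from the peer and is checked before use. */
enum rec_status rec_parse_header(const uint8_t *in, size_t in_len, size_t *payload_len)
{
    if (in_len < REC_HDR_LEN) return REC_SHORT;
    if (in[0] < 20 || in[0] > 23) return REC_BAD_TYPE;     /* ccs, alert, handshake, appdata */
    if (in[1] != 3 || in[2] != 3) return REC_BAD_VERSION;
    size_t len = ((size_t)in[3] << 8) | in[4];
    if (len > REC_MAX_CIPHERTEXT) return REC_BAD_LENGTH;
    if (in_len - REC_HDR_LEN < len) return REC_SHORT;      /* record body truncated */
    *payload_len = len;
    return REC_OK;
}

/* Extra receiver-only step for AEAD: compare the computed tag with the received
 * one without an early exit, so timing does not depend on where they differ. */
int ct_tag_equal(const uint8_t *a, const uint8_t *b, size_t len)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < len; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

int main(void)
{
    uint8_t rec[REC_HDR_LEN + 4] = {0};     /* constructed sample record */
    size_t n = 0;
    rec_write_header(rec, 23, 4);
    return rec_parse_header(rec, sizeof rec, &n) == REC_OK ? 0 : 1;
}
```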