Use OpenSSL 1.1.0 ASYNC engine support
OpenSSL 1.1.0 will add a neat feature:
*) Added ASYNC support. Libcrypto now includes the async sub-library to enable cryptographic operations to be performed asynchronously as long as an asynchronous capable engine is used. See the ASYNC_start_job() man page for further details. Libssl has also had this capability integrated with the introduction of the new mode SSL_MODE_ASYNC and associated error SSL_ERROR_WANT_ASYNC. See the SSL_CTX_set_mode() and SSL_get_error() man pages. This work was developed in partnership with Intel Corp. [Matt Caswell]
If this works the way I imagine it would, we could have OpenSSL stick the RSA/DH/ECDH operations for TLS in another thread (for performance) or even in another process (for isolation).