After SSL_CTX is not only containing default settings but hash of sessions, this seems to be thread safe using a locks.
``` SSL_CTX_add_session CRYPTO_THREAD_write_lock(ctx->lock); ... CRYPTO_THREAD_unlock(ctx->lock); ```
OpenSSL can be safely used in multi-threaded applications provided that support for the underlying OS threading API is built-in. Currently, OpenSSL supports the pthread and Windows APIs. OpenSSL can also be built without any multi-threading support, for example on platforms that don't provide any threading support or that provide a threading API that is not yet supported by OpenSSL.
Not sure if there could be a pitfall for forking process, better keep the default value as it is.
It seems another option, could be to copy only the X509_store