diff --git a/Kconfig b/Kconfig
index ec36ac1d6..857c9571c 100644
--- a/Kconfig
+++ b/Kconfig
@@ -4,19 +4,27 @@ config LWS_MODEL_NAME
 	string "Model name of device firmware is for"
 	default "lws"
 
+config LWS_IS_FACTORY_APPLICATION
+	bool "Is this application is designed for the FACTORY flash slot"
+	default "n"
+
 config LWS_OTA_SERVER_FQDN
+	depends on LWS_IS_FACTORY_APPLICATION
 	string "Domain name of OTA update server, eg, warmcat.com"
 	default ""
 
 config LWS_OTA_SERVER_BASE_URL
+	depends on LWS_IS_FACTORY_APPLICATION
 	string "Base URL on OTA update server, eg, /esp32-ota (model is added)"
 	default "/esp32-ota"
 
 config LWS_OTA_SERVER_UPLOAD_USER
+	depends on LWS_IS_FACTORY_APPLICATION
 	string "User to scp to upload server with"
 	default "root"
 
 config LWS_OTA_SERVER_UPLOAD_PATH
+	depends on LWS_IS_FACTORY_APPLICATION
 	string "Path served in upload server (eg, \"/var/www/libwebsockets.org\""
 	default "/var/www/libwebsockets.org"
 
diff --git a/lib/lws-plat-esp32.c b/lib/lws-plat-esp32.c
index 9261f8c9f..82e39ce4d 100644
--- a/lib/lws-plat-esp32.c
+++ b/lib/lws-plat-esp32.c
@@ -880,9 +880,11 @@ lws_esp_ota_get_boot_partition(void)
 		 * factory partition right now.
 		 */
 		part = factory_part;
-	} else
-		if (LWS_IS_FACTORY_APPLICATION == 1 &&
-		    ota_eih.spi_mode != 0xff &&
+	} 
+	
+#ifdef CONFIG_LWS_IS_FACTORY_APPLICATION
+	else
+		if (ota_eih.spi_mode != 0xff &&
 		    part->address != factory_part->address) {
 			uint8_t buf[4096];
 			uint32_t n;
@@ -919,6 +921,7 @@ lws_esp_ota_get_boot_partition(void)
 retry:
 			esp_restart();
 		}
+#endif
 
 	return part;
 }
diff --git a/lib/server.c b/lib/server.c
index d6baa597d..2de0e6a40 100644
--- a/lib/server.c
+++ b/lib/server.c
@@ -350,8 +350,7 @@ lws_http_serve(struct lws *wsi, char *uri, const char *origin,
 	const struct lws_protocol_vhost_options *pvo = m->interpret;
 	struct lws_process_html_args args;
 	const char *mimetype;
-#if !defined(_WIN32_WCE) && !defined(LWS_WITH_ESP8266) && \
-    !defined(LWS_WITH_ESP32)
+#if !defined(_WIN32_WCE) && !defined(LWS_WITH_ESP8266)
 	const struct lws_plat_file_ops *fops;
 	const char *vpath;
 	lws_fop_flags_t fflags = LWS_O_RDONLY;
@@ -368,8 +367,7 @@ lws_http_serve(struct lws *wsi, char *uri, const char *origin,
 
 	lws_snprintf(path, sizeof(path) - 1, "%s/%s", origin, uri);
 
-#if !defined(_WIN32_WCE) && !defined(LWS_WITH_ESP8266) && \
-    !defined(LWS_WITH_ESP32)
+#if !defined(_WIN32_WCE) && !defined(LWS_WITH_ESP8266)
 
 	fflags |= lws_vfs_prepare_flags(wsi);
 
@@ -391,6 +389,9 @@ lws_http_serve(struct lws *wsi, char *uri, const char *origin,
 		/* if it can't be statted, don't try */
 		if (fflags & LWS_FOP_FLAG_VIRTUAL)
 			break;
+#if defined(LWS_WITH_ESP32)
+		break;
+#endif
 #if !defined(WIN32)
 		if (fstat(wsi->u.http.fop_fd->fd, &st)) {
 			lwsl_info("unable to stat %s\n", path);
@@ -407,7 +408,7 @@ lws_http_serve(struct lws *wsi, char *uri, const char *origin,
 		fflags |= LWS_FOP_FLAG_MOD_TIME_VALID;
 
 		lwsl_debug(" %s mode %d\n", path, S_IFMT & st.st_mode);
-#if !defined(WIN32) && LWS_POSIX
+#if !defined(WIN32) && LWS_POSIX && !defined(LWS_WITH_ESP32)
 		if ((S_IFMT & st.st_mode) == S_IFLNK) {
 			len = readlink(path, sym, sizeof(sym) - 1);
 			if (len) {
diff --git a/lib/ssl.c b/lib/ssl.c
index d161e5fcb..03e6d7687 100644
--- a/lib/ssl.c
+++ b/lib/ssl.c
@@ -1,7 +1,7 @@
 /*
  * libwebsockets - small server side websockets and web server implementation
  *
- * Copyright (C) 2010-2016 Andy Green <andy@warmcat.com>
+ * Copyright (C) 2010-2017 Andy Green <andy@warmcat.com>
  *
  *  This library is free software; you can redistribute it and/or
  *  modify it under the terms of the GNU Lesser General Public
@@ -329,10 +329,17 @@ lws_ssl_capable_read(struct lws *wsi, unsigned char *buf, int len)
 
 	if (n < 0) {
 		n = lws_ssl_get_error(wsi, n);
-		if (n ==  SSL_ERROR_WANT_READ || n ==  SSL_ERROR_WANT_WRITE) {
+		if (n ==  SSL_ERROR_WANT_READ || SSL_want_read(wsi->ssl)) {
+			lwsl_debug("%s: WANT_READ\n", __func__);
 			lwsl_debug("%p: LWS_SSL_CAPABLE_MORE_SERVICE\n", wsi);
 			return LWS_SSL_CAPABLE_MORE_SERVICE;
 		}
+		if (n ==  SSL_ERROR_WANT_WRITE || SSL_want_write(wsi->ssl)) {
+			lwsl_debug("%s: WANT_WRITE\n", __func__);
+			lwsl_debug("%p: LWS_SSL_CAPABLE_MORE_SERVICE\n", wsi);
+			return LWS_SSL_CAPABLE_MORE_SERVICE;
+		}
+
 
 		lwsl_err("%s failed2: %s\n",__func__,
 				 ERR_error_string(lws_ssl_get_error(wsi, 0), NULL));
@@ -410,6 +417,7 @@ lws_ssl_capable_write(struct lws *wsi, unsigned char *buf, int len)
 	n = lws_ssl_get_error(wsi, n);
 	if (n == SSL_ERROR_WANT_READ || n == SSL_ERROR_WANT_WRITE) {
 		if (n == SSL_ERROR_WANT_WRITE) {
+			lwsl_debug("%s: WANT_WRITE\n", __func__);
 			lws_set_blocking_send(wsi);
 		}
 		return LWS_SSL_CAPABLE_MORE_SERVICE;
@@ -532,6 +540,7 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd)
 #endif
 #else
 #if defined(LWS_WITH_ESP32)
+		lws_plat_set_socket_options(wsi->vhost, accept_fd);
 #else
 		SSL_set_mode(wsi->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
 		bio = SSL_get_rbio(wsi->ssl);
@@ -648,7 +657,7 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd)
 #endif
 
 go_again:
-		if (m == SSL_ERROR_WANT_READ) {
+		if (m == SSL_ERROR_WANT_READ || SSL_want_read(wsi->ssl)) {
 			if (lws_change_pollfd(wsi, 0, LWS_POLLIN)) {
 				lwsl_err("%s: WANT_READ change_pollfd failed\n", __func__);
 				goto fail;
@@ -657,7 +666,9 @@ go_again:
 			lwsl_info("SSL_ERROR_WANT_READ\n");
 			break;
 		}
-		if (m == SSL_ERROR_WANT_WRITE) {
+		if (m == SSL_ERROR_WANT_WRITE || SSL_want_write(wsi->ssl)) {
+			lwsl_debug("%s: WANT_WRITE\n", __func__);
+
 			if (lws_change_pollfd(wsi, 0, LWS_POLLOUT)) {
 				lwsl_err("%s: WANT_WRITE change_pollfd failed\n", __func__);
 				goto fail;