Support OpenSSL provider #3115

Open
raihav opened this issue Sep 24, 2024 · 1 comment
Labels: Component: mosquitto-broker; Status: Available (No one has claimed responsibility for resolving this issue.); Type: Enhancement (A new feature for a minor or major release.)

raihav commented Sep 24, 2024

The feature request is related to a problem
Mosquitto supports OpenSSL engines, but OpenSSL v3 declares engines deprecated and uses providers.

The solution I'd like
Implement support for OpenSSL providers.
To support providers, please use OSSL_PROVIDER_load(), etc.
https://docs.openssl.org/3.1/man3/OSSL_PROVIDER/#synopsis

Alternatives considered
Use MQTT without TLS and use a proxy (nginx), which supports OpenSSL provider.
For this solution, we see complexity and performance impact on our embedded Linux.
We do not know yet whether the proxy would support the publish/subscribe pattern of MQTT.

Additional context
We shall use MQTT with TLS, which references a private key stored in a Trusted Platform Module (TPM).
An OpenSSL provider for TPM is implemented here: https://github.com/tpm2-software/tpm2-openssl.
I have tested OpenSSL with the tpm2 provider and the tpm2tss engine.
I have not found support for OpenSSL providers in mosquitto.

ralight added this to the 2.2 milestone Oct 11, 2024
ralight added the Type: Enhancement, Component: mosquitto-broker and Status: Available labels Oct 11, 2024

ralight (Contributor) commented Oct 11, 2024

This is something I'd like to add, definitely.

As a comment, using nginx for TLS termination is fine.
