Support OpenSSL provider
Opened this issue · 1 comments
The feature request is related to a problem
Mosquitto supports OpenSSL engines, but OpenSSL v3 declares engines deprecated and uses providers.
The solution I'd like
Implement support for OpenSSL providers.
To support providers, please use OSSL_PROVIDER_load(), etc.
https://docs.openssl.org/3.1/man3/OSSL_PROVIDER/#synopsis
Alternatives considered
Use MQTT without TLS and use a proxy (nginx), which supports OpenSSL providers.
For this solution, we see complexity and a performance impact on our embedded Linux.
We do not know yet whether the proxy would support the publish/subscribe pattern of MQTT.
Additional context
We shall use MQTT with TLS, which references a private key stored in a Trusted Platform Module (TPM).
An OpenSSL provider for TPM is implemented here: https://github.com/tpm2-software/tpm2-openssl.
I have tested OpenSSL with the tpm2 provider and the tpm2tss engine.
I have not found support for OpenSSL providers in mosquitto.
This is something I'd like to add, definitely.
As a comment, using nginx for TLS termination is fine.