ralight
commented
1 month ago This is something I'd like to add, definitely.
As a comment, using nginx for TLS termination is fine.
Open raihav opened 2 months ago
ralight
commented
1 month ago This is something I'd like to add, definitely.
As a comment, using nginx for TLS termination is fine.
The feature request is related to problem The mosquitto supports OpenSSL engine, just OpenSSL v3 declares engine deprecated and uses provider.
The solution I'd like Implement support of OpenSSL provider. For supporting provider, please use OSSL_PROVIDER_load(), etc. https://docs.openssl.org/3.1/man3/OSSL_PROVIDER/#synopsis
Alternatives considered Use MQTT without TLS and use a proxy (nginx), which supports OpenSSL provider. For this solution, we see complexity and performance impact on our embedded Linux. We do not know yet whether the proxy would support the publish/subscribe pattern of MQTT.
Additional context We shall use MQTT with TLS, which references a private key stored in Trusted Platform Module (TPM). OpenSSL provider for TPM is implemented here: https://github.com/tpm2-software/tpm2-openssl. I have tested OpenSSL with tpm2 provider and tpm2tss engine. I have not found support of OpenSSL provider in mosquitto.