Does IOTMP (Arduino-Library) support TSLv1.3?

[georgevbsantiago]

This is a question (or a "bug")

When consulting the Devices Screen, the caption of the lock informs that the IOTMP protocol uses "TSLv1" (see image below). Does this mean "TSLv1.0"? Or is it a bug, and should it report "TSLv1.3"?

In the version 5.1.1 post, it is stated that HTTP devices support TSLv1.3

If "TSLv1.0" is correct, is it feasible that the IOTMP protocol (used in Arduino-Library) uses TSLv1.3? Or are there challenges involving the implementation of TSLv1.3 in low power microcontrollers (eg 8bits, 16bits...)?

Interesting text: https://blog.cloudflare.com/why-iot-is-insecure/

[alvarolb]

IOTMP operates at the application layer, which means it does not impose any restrictions on the transport layer. It can use plain TCP or any encrypted secure connection. So, it depends on the client configuration.

Thinger.io Server supports TLS v1.2 and TLS v1.3 by default. TLS v1 refers to TLS v1.0, which, along with TLS v1.1, is deprecated. However, starting from version 6.2.5, the server can be configured to allow insecure TLS protocols. There are plenty of devices out there that are so outdated.

The ability of older microcontrollers to support newer TLS versions largely depends on their specific implementations, libraries, and support from the community. But for sure, they use much more resources than previous protocols.