OpenSSL 1.x

Recall from the overview that OpenSSL has two plugin mechanisms: engines and providers. "Engines" were the plugin mechanism in OpenSSL 1.x. OpenSSL 3.x introduced "providers" and deprecated engines.

This section describes how to set up OpenSSL with an engine-based integration for PKCS#11. It should work on both OpenSSL 1.x and 3.x.

info

When running OpenSSL 3.x we recommend using the provider-based integration since engines are deprecated.

This section also describes how to integrate other applications that use openssl (namely Apache and nginx) with Primus HSM.

Architecture

Architecture graphic from RedHat