OpenSSL 3.x
Recall from the overview that OpenSSL has two plugin mechanisms: engines and providers. "Engines" were the plugin mechanism in OpenSSL 1.x. OpenSSL 3.x introduced "providers" and deprecated engines.
This section describes how to set up OpenSSL with a provider-based integration.
This teaches OpenSSL how to talk to a Securosys HSM over the PKCS#11 API,
using an intermediate pkcs11-provider that translates between the OpenSSL API and the PKCS#11 API.
info
This guide only works with OpenSSL 3.x. When running OpenSSL 1.x you need to use the Engine API instead.
Architecture
Architecture: The pkcs11-provider sits between the
OpenSSL library and the PKCS#11 interface provided by
Securosys