
Enabling TLS 1.3 in TMS MQTT and TMS FNC Products


Secure network communication is an essential aspect of modern applications. TLS 1.3 is the latest version of the TLS protocol, providing improved security and performance compared to earlier versions. With a small extension to TMS MQTT it is now possible to integrate modern OpenSSL libraries supporting TLS 1.3.

Let's see why we are introducing this addition, what was exactly added and how it can be used to enable TLS 1.3 support!

Note: In this post we'll focus on TMS MQTT but this change is introduced in TMS FNC WebSocket and TMS FNC Push Notification as well.

TLS support in Indy

Developers familiar with Indy know that its OpenSSL integration targets OpenSSL 1.0.2, which supports TLS versions up to TLS 1.2. While this setup has proven stable and widely used for many years, newer OpenSSL versions introduce support for TLS 1.3, which is the currently recommended standard.

For applications using MQTT over secure connections, this means that using the latest TLS standard requires an alternative implementation compatible with Indy.

Custom SSL IO handler creation

To make this possible, we are introducing a new event in TTMSMQTTClient: OnCreateSSLIOHandler.

Instead of relying on Indy’s default SSL IO handler, applications can now supply their own. This makes it possible to integrate SSL/TLS libraries that extend Indy with support for newer OpenSSL versions. Such libraries typically provide updated IO handler implementations.

Using TLS 1.3 with MQTT

Using this mechanism is straightforward! An SSL/TLS library simply needs to provide an IO handler descendant that is created inside the OnCreateSSLIOHandler event. Once the handler is returned through the event, the component will use it to establish the secure connection.

One example of such a library is TaurusTLS. TaurusTLS provides Indy-compatible SSL handlers supporting OpenSSL 3.x and TLS 1.3, allowing MQTT applications to benefit from modern TLS standards. Installation is just a matter of compiling and installing packages, but the library is also compatible with TMS Smart Setup, making integration very easy!

Below is a simple example showing how to create the SSL IO handler using TaurusTLS.

procedure TForm1.TMSMQTTClient1CreateSSLIOHandler(ASender: TObject;
  var ASSLIOHandler: TIdIOHandler);
begin
  // Good to know: TTMSMQTTClient takes ownership of the created handler
  // and manages its lifetime automatically!

  ASSLIOHandler := TTaurusTLSIOHandlerSocket.Create;
  TTaurusTLSIOHandlerSocket(ASSLIOHandler).PassThrough := False;

  // Apply other IO handler settings here if needed
end;
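As an added example (not code from the original post or from TaurusTLS), the same event handler extended so the connection is not only encrypted but also checks the broker's certificate, which PassThrough := False alone does not guarantee. The SSLOptions members (VerifyMode, VerifyDepth, RootCertFile), the sslvrf* constants, the OnVerifyPeer event signature and TIdX509 are assumed to mirror Indy's TIdSSLIOHandlerSocketOpenSSL; Log and the file name broker-ca.pem are constructed placeholders.

```delphi
procedure TForm1.TMSMQTTClient1CreateSSLIOHandler(ASender: TObject;
  var ASSLIOHandler: TIdIOHandler);
var
  LHandler: TTaurusTLSIOHandlerSocket;
begin
  LHandler := TTaurusTLSIOHandlerSocket.Create;
  LHandler.PassThrough := False;  // negotiate TLS immediately, never send in the clear

  // Assumed to mirror Indy's TIdSSLOptions; confirm against your TaurusTLS version.
  // Require the broker to present a certificate, fail the handshake if it does not,
  // and chain it back to the trusted CA in a constructed file name.
  LHandler.SSLOptions.VerifyMode := [sslvrfPeer, sslvrfFailIfNoPeerCert];
  LHandler.SSLOptions.VerifyDepth := 5;
  LHandler.SSLOptions.RootCertFile := 'broker-ca.pem';
  LHandler.OnVerifyPeer := VerifyBrokerCertificate;

  ASSLIOHandler := LHandler;  // TTMSMQTTClient takes ownership of the handler
end;

// Called once per certificate in the chain. AOk is OpenSSL's verdict for this
// certificate and AError its error code; returning False aborts the connection.
function TForm1.VerifyBrokerCertificate(Certificate: TIdX509; AOk: Boolean;
  ADepth, AError: Integer): Boolean;
begin
  if not AOk then
    Log('TLS: certificate rejected at depth ' + IntToStr(ADepth) +  // Log is hypothetical
        ', OpenSSL error ' + IntToStr(AError) + ': ' + Certificate.Subject.OneLine);
  Result := AOk;  // never override a failed verification by returning True
end;
```

The common mistake this guards against is an OnVerifyPeer handler that always returns True, which silently disables certificate validation even though the connection is encrypted.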

Conclusion

All of this is readily available to download and try with TMS MQTT v2.0.11.0. While this functionality was initially researched with MQTT connections in mind, it quickly became clear that the same approach could benefit other products using secure communication. The mechanism has therefore also been introduced in TMS FNC WebSocket and TMS FNC Push Notification.

With this extension, our components gain the flexibility to work with modern SSL/TLS libraries while preserving the existing architecture. This allows developers to adopt TLS 1.3 in a straightforward way while keeping existing applications and components compatible.

Tunde Keller