2. Compatibility
This release of the Security Plugins includes partial support for the DDS Security 1.2 Specification from the Object Management Group (OMG).
The Security Plugins 7.3.0 are interoperable with the Security Plugins 5.2.7 and higher.
Persistence Service databases secured with the Security Plugins 7.3.0 are incompatible with databases generated by versions of Persistence Service older than 7.0.0.
When using the Security Plugins SDK, the required minimum version of CMake is 3.12 if linking dynamically and 3.13 if linking statically.
In release 7.3.0, the Security Plugins are available for use with OpenSSL® 1.1.1, OpenSSL 3.0, and wolfSSL® 5.5. There are separate installation packages for each of these options.
For more information about other backward compatibility issues, see the Migration Guide on the RTI Community Portal (https://community.rti.com/documentation).
2.1. Compatibility with OpenSSL 3.0
The Security Plugins 7.3.0 for OpenSSL are API-compatible with OpenSSL 3.0. The Security Plugins 7.3.0 have only been tested by RTI using OpenSSL 3.0.12. OpenSSL 3.0.12 is not compatible with Security Plugins versions that were tested using OpenSSL 3.0.9 or below.
The Security Plugins SDK has been tested with OpenSSL 3.0.12.
2.2. Compatibility with wolfSSL 5.5
The Security Plugins 7.3.0 for wolfSSL have been tested with wolfSSL 5.5.1 on following target platform:
QNX® Neutrino® 7.1 systems on Arm® v8 CPUs (RTI architecture: armv8QNX7.1qcc_gpp8.3.0)
Limitations when using wolfSSL:
The Security Plugins for wolfSSL are interoperable with the Security Plugins for OpenSSL in most configurations. However, there are some features that are not supported by the Security Plugins for wolfSSL:
Diffie-Hellman: The Security Plugins for wolfSSL only support the ECDHE-CEUM+P256 and ECDHE-CEUM+P384 Elliptic Curve Diffie-Hellman (ECDHE) key establishment algorithms.
RSASSA-PSS-MGF1SHA256+2048+SHA256: The Security Plugins for wolfSSL support for digital signatures is limited to the RSASSA-PKCS1-V1_5+2048+SHA256, ECDSA-P256+SHA256, and ECDSA-P384+SHA384 algorithms.
OpenSSL engines/providers are not supported.
If you use an unsupported certificate extension, you will get the “error details not available” message instead of OpenSSL’s more debuggable “unhandled critical extension” message. See wolfSSL issue #6890 for more information about the problem and future fix.