Hello, Now OpenSSL generates master secret and read/write keys inside the library, left only premaster secret decryption to the engine.
In case of hardware-based TLS engine it could be not an option, as there may be no possibility to set read/write keys from outside (or it may be restricted according to some rules of such hardware usage). If someone would needed to implement such device support in OpenSSL: 1. How would you estimate required effort? 2. What is the best base OpenSSL version to start with? 3. What is necessary to take into account, but may be not visible from the beginning? Would be really appreciated for any answer. Andrey.