AzureManagedHsmTLSOffload

Azure Managed HSM offers a TLS Offload library which is compliant with PKCS#11 version 2.40. We do not support all possible functions listed in the PKCS#11 specification. Our TLS Offload library supports a limited set of functions and mechanisms for SSL/TLS Offload with F5 (BigIP) and Nginx only!

Supported Operating Systems
TLS Offload Library supports CentOS 7, Ubuntu 20.04, Ubuntu 22.04 and CBL Mariner 2 only!

• CentOS 7 (mhsm-pkcs11-1.1.0.02802-1.cm2.x86_64.rpm)
• Ubuntu 20.04 and 22.04 (mhsm-pkcs11_1.1.0.02802_amd64.deb)
• CBL Mariner 2 (mhsm-pkcs11-1.1.0.02802-1.el7.x86_64.rpm)

Supported Key Types & Mechanisms
You can find a list of all supported key types and mechanisms here:
https://github.com/microsoft/AzureManagedHsmTLSOffload#supported-key-types--mechanisms

Not Supported

• AES Keys Not Supported.
• Encryption / Decryption Not Supported.
• Key Wrap Not Supported
• Triple Des (3DES) Not Supported
• Key Derivation Not Supported
• TLS Offload Library has also removed support for C_GenerateKey, C_GetOperationState, C_SetOperationState, C_EncryptInit, C_Encrypt, C_DecryptInit, C_Decrypt

Release Notes: What Changed

• Added one last release package for CentOS 7.
• Fixed bug causing closed session handles to be reused under specific circumstances.

Azure Managed HSM offers a TLS Offload library which is compliant with PKCS#11 version 2.40. We do not support all possible functions listed in the PKCS#11 specification. Our TLS Offload library supports a limited set of functions and mechanisms for SSL/TLS Offload with F5 (BigIP) and Nginx only!

Supported Operating Systems
TLS Offload Library supports Ubuntu 20.04, Ubuntu 22.04 and CBL Mariner 2 only!

• Ubuntu 20.04 and 22.04 (mhsm-pkcs11_1.1.0.02432_amd64.deb)
• CBL Mariner 2 (mhsm-pkcs11-1.1.0.02432-1.cm2.x86_64.rpm)

Supported Key Types & Mechanisms
You can find a list of all supported key types and mechanisms here:
https://github.com/microsoft/AzureManagedHsmTLSOffload#supported-key-types--mechanisms

Not Supported

• AES Keys Not Supported.
• Encryption / Decryption Not Supported.
• Key Wrap Not Supported
• Triple Des (3DES) Not Supported
• Key Derivation Not Supported
• TLS Offload Library has also removed support for C_GenerateKey, C_GetOperationState, C_SetOperationState, C_EncryptInit, C_Encrypt, C_DecryptInit, C_Decrypt

Release Notes: What Changed

• Added Feature: Allow Curl logging to be used by non-debug packages (Using verbose logging is not recommended for production).

Azure Managed HSM offers a TLS Offload library which is compliant with PKCS#11 version 2.40. We do not support all possible functions listed in the PKCS#11 specification. Our TLS Offload library supports a limited set of functions and mechanisms for SSL/TLS Offload with F5 (BigIP) and Nginx only!

Supported Operating Systems
TLS Offload Library supports CentOS 7, Ubuntu 20.04, Ubuntu 22.04 and CBL Mariner 2 only!

• CentOS 7 (mhsm-pkcs11-1.1.0.02432-1.el7.x86_64.rpm)
• Ubuntu 20.04 and 22.04 (mhsm-pkcs11_1.1.0.02432_amd64.deb)
• CBL Mariner 2 (mhsm-pkcs11-1.1.0.02432-1.cm2.x86_64.rpm)

Supported Key Types & Mechanisms
You can find a list of all supported key types and mechanisms here:
https://github.com/microsoft/AzureManagedHsmTLSOffload#supported-key-types--mechanisms

Not Supported

• AES Keys Not Supported.
• Encryption / Decryption Not Supported.
• Key Wrap Not Supported
• Triple Des (3DES) Not Supported
• Key Derivation Not Supported
• TLS Offload Library has also removed support for C_GenerateKey, C_GetOperationState, C_SetOperationState, C_EncryptInit, C_Encrypt, C_DecryptInit, C_Decrypt

Release Notes: What Changed

• Added Feature: Support for libp11-0.4.12

Azure Managed HSM offers a TLS Offload library which is compliant with PKCS#11 version 2.40. We do not support all possible functions listed in the PKCS#11 specification. Our TLS Offload library supports a limited set of functions and mechanisms for SSL/TLS Offload with F5 (BigIP) and Nginx only!

Supported Operating Systems
TLS Offload Library supports CentOS 7, Ubuntu 20.04, Ubuntu 22.04 and CBL Mariner 2 only!

• CentOS 7 (mhsm-pkcs11-1.1.0.02432-1.el7.x86_64.rpm)
• Ubuntu 20.04 and 22.04 (mhsm-pkcs11_1.1.0.02432_amd64.deb)
• CBL Mariner 2 (mhsm-pkcs11-1.1.0.02432-1.cm2.x86_64.rpm)

Supported Key Types & Mechanisms
You can find a list of all supported key types and mechanisms here:
https://github.com/microsoft/AzureManagedHsmTLSOffload#supported-key-types--mechanisms

Not Supported

• AES Keys Not Supported.
• Encryption / Decryption Not Supported.
• Key Wrap Not Supported
• Triple Des (3DES) Not Supported
• Key Derivation Not Supported
• TLS Offload Library has also removed support for C_GenerateKey, C_GetOperationState, C_SetOperationState, C_EncryptInit, C_Encrypt, C_DecryptInit, C_Decrypt

Release Notes: What Changed

• Added Feature: Support for Ubuntu 22.04

Azure Managed HSM offers a TLS Offload library which is compliant with PKCS#11 version 2.40. We do not support all possible functions listed in the PKCS#11 specification. Our TLS Offload library supports a limited set of functions and mechanisms for SSL/TLS Offload with F5 (BigIP) and Nginx only!

Supported Operating Systems
TLS Offload Library supports CentOS 7, Ubuntu 20.04 and CBL Mariner 2 only!

• CentOS 7 (mhsm-pkcs11-1.1.0.02361-1.el7.x86_64.rpm)
• Ubuntu 20.04 (mhsm-pkcs11_1.1.0.02361_amd64.deb)
• CBL Mariner 2 (mhsm-pkcs11-1.1.0.02361-1.cm2.x86_64.rpm)

Supported Key Types & Mechanisms
You can find a list of all supported key types and mechanisms here:
https://github.com/microsoft/AzureManagedHsmTLSOffload#supported-key-types--mechanisms

Not Supported

• AES Keys Not Supported.
• Encryption / Decryption Not Supported.
• Key Wrap Not Supported
• Triple Des (3DES) Not Supported
• Key Derivation Not Supported
• TLS Offload Library has also removed support for C_GenerateKey, C_GetOperationState, C_SetOperationState, C_EncryptInit, C_Encrypt, C_DecryptInit, C_Decrypt

Release Notes: What Changed

• Added Feature: Support for Ubuntu 20.04
• Removed Feature: Removed support for Ubuntu 18.04. Support for Ubuntu 18.04 was declared end of life on April 30th, 2023.

Azure Managed HSM offers a TLS Offload library which is compliant with PKCS#11 version 2.40. We do not support all possible functions listed in the PKCS#11 specification. Our TLS Offload library supports a limited set of functions and mechanisms for SSL/TLS Offload with F5 (BigIP) and Nginx only!

Supported Operating Systems
TLS Offload Library supports CentOS 7, Ubuntu 18.04 and CBL Mariner 2 only!

• CentOS 7 (mhsm-pkcs11-1.1.0.02319-1.el7.x86_64.rpm)
• Ubuntu 18.04 (mhsm-pkcs11_1.1.0.02319_amd64.deb)
• CBL Mariner 2 (mhsm-pkcs11-1.1.0.02319-1.cm2.x86_64.rpm)

Supported Key Types & Mechanisms
You can find a list of all supported key types and mechanisms here:
https://github.com/microsoft/AzureManagedHsmTLSOffload#supported-key-types--mechanisms

Not Supported

• AES Keys Not Supported.
• Encryption / Decryption Not Supported.
• Key Wrap Not Supported
• Triple Des (3DES) Not Supported
• Key Derivation Not Supported
• TLS Offload Library has also removed support for C_GenerateKey, C_GetOperationState, C_SetOperationState, C_EncryptInit, C_Encrypt, C_DecryptInit, C_Decrypt

Release Notes: What Changed

• Added Feature: Connection Caching (CURL Caching) for improved performance.
• Added Feature: Support for Managed Service Identity (MSI) for authentication and authorization.
• Added Feature: Support for CBL Mariner 2 OS
• Added Feature: Option to specify MHSM configuration file path using environment variable ($MHSM_PKCS11_CONFIG_FILE_PATH/mhsm-pkcs11.conf)

Release Deprecated. Not Supported!

Release Deprecated. Not Supported!

Release Deprecated. Not Supported!

Release Deprecated. Not Supported!

Release Deprecated. Not Supported!