RHEL 10 removes the OpenSSL ENGINE API in favor of the OpenSSL 3.x Provider API.
 
We need to audit Service Mesh deployments using Hardware Security Modules (HSM) for CA or private keys to:

• Identify dependencies on the deprecated OpenSSL ENGINE API.

• Investigate the feasibility of migrating to the pkcs11-provider mechanism.

• Determine the engineering effort required to re-architect HSM integrations for OpenSSL 3.x compliance.