🤖 AI Summary
To address the deployment challenges and identity-management overhead of Self-Sovereign Identity (SSI) in large-scale IoT, this paper proposes an RFC 8446-compliant enhancement of the TLS 1.3 handshake that natively carries Verifiable Credentials (VCs) and Decentralized Identifiers (DIDs) while using only the handshake messages TLS 1.3 already defines. Methodologically, the authors reuse existing TLS 1.3 handshake messages and move the VC/DID operations into an external OpenSSL Provider, so that authentication logic is decoupled from the library and changes to the OpenSSL protocol stack itself stay minimal. The experimental evaluation shows performance comparable to the baseline solution built on X.509 certificates and a conventional PKI, which supports the feasibility of deploying SSI under IoT resource constraints and promises a lower cost of identity management. Key contributions include: (i) a VC-enabled TLS 1.3 handshake that preserves the security properties of TLS 1.3 and introduces no new message types; (ii) a lightweight, Provider-based abstraction layer that keeps VC/DID handling outside the core TLS code; and (iii) a practical, IoT-oriented engineering path for adopting SSI.
📝 Abstract
The paper presents a step forward in the design and implementation of a Transport Layer Security (TLS) handshake protocol that enables the use of Verifiable Credentials (VCs) while maintaining full compliance with RFC 8446 and preserving all the security features of TLS 1.3. The improvement over our previous work lies in the handshake design, which now uses only messages already defined for TLS 1.3. This design has a very positive impact on the implementation: we made minimal changes to the OpenSSL library and relied mostly on a novel external provider to handle the operations related to VCs and Decentralized Identifiers (DIDs). The experimental results demonstrate the feasibility of the design and show performance comparable to the original solution based on a Public Key Infrastructure (PKI) and X.509 certificates. These results pave the way for the adoption of Self-Sovereign Identity (SSI) in large-scale Internet of Things (IoT) systems, with a clear benefit in terms of reducing the cost of identity management.