One issue you might face using TLS security (HTTPS, NATS.io, MQTT, etc) is a long delay on bootup until the system gets enough hardware entropy to think the random number generator is secure. These delays can be minutes on a i.MX6UL. I tried setting /proc/sys/kernel/random/read_wakeup_threshold
to some low number, but that did not make any difference. I then tried rng-tools – that reduced the boot time some, but boot time was still double. I then tried haveged – it worked – now back down to 38s boot time.
Would be interesting to study exactly how this works, but for a low profile IoT system, bank level encryption is not really necessary as the data is of little value, so not really worth hacking.