Could be - node-red locks on to MQTT.js V2.18.8 - thats from 2y ago - current version in NPM is 4.1.0
Not 100% sure that would be the reason for TLS 1.0 though.
Rather than just a throw away comment - I am gonna do a quick test to see what happens (from a compatibility / usability POV) if we force node-red to use V3.0.0 or V4.1.0 - then I'll feedback how to do it for @vp2021 to test if that fixes the TLS neg issue
I seem to remember on a non node-red project I simply replaced MQTT.js without issue.
__(slightly off topic) __
While on the subject of MQTT - would be nice to see some of MQTT v5 goodness in node red - in particular...
- User Properties
- Payload Format Indicator & Content Type
- Response Topic and Request /Response Pattern
... though I have no idea how they would look/fit together in node-red land