Hello,

I’m an engineer at AWS working on AWS Libcrypto (AWS-LC), an open-source cryptographic library maintained for AWS and their customers. We are committed to backwards compatibility. For this purpose we have CI jobs here asserting every change’s compatibility with many different open-source projects. We use these tests to catch compatibility regressions before they’re merged. We have already added libwebsockets to our CI here.

AWS-LC supports CPU-specific performance optimizations for AWS Graviton 2, AWS Graviton 3, and Intel x86-64 with AVX-512 instructions. We’ve formally verified a subset of AWS-LC’s cryptographic primitives, and continue to invest in expanding this coverage. AWS-LC has been FIPS validated by NIST and we have 140-3 certificates for both dynamic and static builds. We would like to upstream support for AWS-LC into the mainline branch of libwebsockets. We believe that this would provide the best experience for users wishing to build libwebsockets against AWS-LC.

We support all features of libwebsockets with minimal required changes. The patch primarily adds OPENSSL_IS_AWSLC to existing preprocessor conditionals in the libwebsockets codebase to properly identify AWS-LC during compilation. I have prepared patch files both for the latest tagged release and for the mainline branch, with the latter requiring a few additional ifdefs to accommodate recent changes. While the patch may appear substantial in line count, much of this is due to some refactors I made to improve maintainability - specifically extracting repeated conditional logic into common macros.

If you agree that this integration would be valuable, I'd be happy to submit a formal PR that includes:

• The patch for AWS-LC support
• Documentation updates in your README explaining the AWS-LC integration
• Configuration changes to add AWS-LC testing to your CI pipeline

Thank you!