chore(policy-controller): Use the aws-lc-rs TLS backend#14300
Merged
Conversation
2544cfc to
6843b20
Compare
aws-lc-sys requires a cross compiling toolchain as well as some specific build flags when compiling for a non-native arch. Ideally, this would be in the dev container, but for now we can add them to the docker image. Signed-off-by: Scott Fleener <scott@buoyant.io>
olix0r
reviewed
Aug 4, 2025
olix0r
left a comment
Member
There was a problem hiding this comment.
The subject of this PR is probably a little misleading -- the default behavior was previously to use rustls-tls and that isn't changing.
It's probably clearer as:
chore(policy-controller): use the aws-lc-rs TLS backend
since this is the relevant change in behavior. The details about feature flagging can be moved into the body.
Additionally, it's worth noting that, due to the gateway-api dependency, we continue to enable the ring backend in addition to the aws-lc backend, though it is not used.
olix0r
approved these changes
Aug 5, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Attempt 2 of #14264 (after it was reverted in #14299), this also includes an additional fix for the cross compilation in CI.
Note that this doesn't change the existing use of
rustls, simply a change in backend fromringtoaws-lc-rs.ringis still included in the dependency tree because ofgateway-apifeature flags (or lack thereof), but it is unused.