Hello.
Currently, Erlang/OTP supports OpenSSL and libressl as backends for its crypto module. I wonder whether it would be feasible to propose adding AWS-LC as an additional backend option.
Since AWS-LC is a cryptographic library maintained by a specific commercial entity,
I’m concerned that some users might prefer to avoid vendor lock-in, which is why I’m reaching out to discuss this first.
While this is still in a prototype stage, we’ve successfully implemented AWS-LC support and verified that it functions properly in our product.
There are some limitations—such as certain older algorithms not being supported or ChaCha20/Poly1305 requiring separate invocation—
but considering both performance and security aspects, I believe AWS-LC presents a viable option.
Especially with recent trends of running Erlang/OTP on AWS, and considering the excellent compatibility between AWS’s high-core-count Graviton processors and Erlang/OTP,
I’m inclined to think AWS-LC could be a good choice.
That said, I recognize that adding this would potentially increase the workload for the OTP maintainers,
so in practical terms, continuing with custom patches might be more feasible.
I would be greatly appreciative of your input on this matter.
My perspective has been somewhat influenced by the following articles: