Why did rustls choose aws-lc-rs to replace ring as its default cryptography library?

What advantages does aws-lc-rs offer over ring (in terms of performance/security/endorsement/...)?

From aws-lc-rs' README:

Rust developers increasingly need to deploy applications that meet US and Canadian government cryptographic requirements. We evaluated how to deliver FIPS validated cryptography in idiomatic and performant Rust, built around our AWS-LC offering. We found that the popular ring (v0.16) library fulfilled much of the cryptographic needs in the Rust community, but it did not meet the needs of developers with FIPS requirements. Our intention is to contribute a drop-in replacement for ring that provides FIPS support and is compatible with the ring API. Rust developers with prescribed cryptographic requirements can seamlessly integrate aws-lc-rs into their applications and deploy them into AWS Regions.

FIPS stands for Federal Information Processing Standards.

These are U.S. government–issued standards that define how certain technologies (especially cryptography) must behave to be considered secure and compliant for government use.

So, when a Rust developer wants to deploy software in such environments, they need to ensure that their crypto backend is FIPS certified — not just "secure," but certified secure.

EDIT: I'm sorry for my answer about FIPS, which was based on a misunderstanding. It is probably not the reason for rustls choosing aws-lc-rs.


ring doesn't support P-521 signatures.

Unfortunately, Cloudflare used this signature algorithm in its CA cert of WARP (a VPN/TLS MITM proxy), breaking all Rust software using ring for all users of WARP. The irony is that WARP itself is written in Rust, and this incompatibility affects developers of WARP too :person_facepalming:

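A practical check for the P-521 problem described above, as an added example that is not code from this thread: it inspects a PEM certificate's key curve with the openssl CLI and reports whether ring (which verifies ECDSA only on P-256 and P-384) could verify signatures from that key. It assumes the `openssl` command is installed; the sample certificates are generated on the fly.

```shell
#!/bin/sh
# Added example, not from the original thread: flag certificates whose EC key
# lies outside the curves ring can verify (P-256, P-384). A P-521 CA cert, as
# in the WARP case, would make rustls-with-ring fail the chain. Assumes openssl.
set -eu

# Print the certificate's EC curve OID name (e.g. secp521r1); empty for non-EC keys.
cert_curve() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^ *ASN1 OID: *//p' | head -n 1
}

# Print "yes" if ring can verify ECDSA signatures from this key's curve, "no" if
# not (e.g. P-521), and "n/a" for non-EC keys (RSA), where the curve check does
# not apply.
ring_supports_curve() {
    case "$(cert_curve "$1")" in
        prime256v1|secp384r1) echo yes ;;
        "") echo n/a ;;
        *) echo no ;;
    esac
}

# Constructed sample input: self-signed certs on P-521 and P-256 in a temp dir.
make_sample_cert() {  # $1 = curve name, $2 = output certificate path
    openssl req -x509 -newkey ec -pkeyopt "ec_paramgen_curve:$1" -nodes \
        -keyout "$2.key" -out "$2" -subj "/CN=sample" -days 1 >/dev/null 2>&1
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
make_sample_cert secp521r1 "$WORK/p521.pem"
make_sample_cert prime256v1 "$WORK/p256.pem"
echo "p521: $(ring_supports_curve "$WORK/p521.pem")"   # no
echo "p256: $(ring_supports_curve "$WORK/p256.pem")"   # yes
```

Run it against the CA certificate a proxy such as WARP installs to see in advance whether ring-based clients will be able to build the chain.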