diff --git a/Cargo.lock b/Cargo.lock
index 3f164aa0..a9e06301 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1,6 +1,6 @@
 # This file is automatically @generated by Cargo.
 # It is not intended for manual editing.
-version = 3
+version = 4
 
 [[package]]
 name = "addr2line"
@@ -2058,6 +2058,7 @@ dependencies = [
  "rand 0.9.2",
  "rand_distr",
  "rsa",
+ "rustls 0.23.31",
  "serde",
  "serde_json",
  "sha1",
diff --git a/core/Cargo.toml b/core/Cargo.toml
index aedaf064..1ed9a396 100644
--- a/core/Cargo.toml
+++ b/core/Cargo.toml
@@ -77,6 +77,7 @@ uuid = { version = "1", default-features = false, features = ["v4"] }
 data-encoding = "2.9"
 flate2 = "1.1"
 protobuf-json-mapping = "3.7"
+rustls = { version = "0.23", features = ["aws-lc-rs"] }
 
 # Eventually, this should use rustls-platform-verifier to unify the platform-specific dependencies
 # but currently, hyper-proxy2 and tokio-tungstenite do not support it.
diff --git a/core/src/http_client.rs b/core/src/http_client.rs
index 728857f9..21ac8fa5 100644
--- a/core/src/http_client.rs
+++ b/core/src/http_client.rs
@@ -145,6 +145,11 @@ impl HttpClient {
 
     fn try_create_hyper_client(proxy_url: Option<&Url>) -> Result<HyperClient, Error> {
         // configuring TLS is expensive and should be done once per process
+        let _ = rustls::crypto::aws_lc_rs::default_provider()
+            .install_default()
+            .map_err(|e| {
+                Error::internal(format!("unable to install default crypto provider: {e:?}"))
+            });
 
         // On supported platforms, use native roots
         #[cfg(any(target_os = "windows", target_os = "macos", target_os = "linux"))]