diff --git a/CMakeLists.txt b/CMakeLists.txt
index 270478f5393ae8c3a948ff15cfd1cd311b55fce8..cfb1416938a1e735002569e09959b641ca1dc4b4 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -45,6 +45,7 @@ endif()
 option(LWS_WITH_STATIC "Build the static version of the library" ON)
 option(LWS_WITH_SHARED "Build the shared version of the library" ON)
 option(LWS_WITH_SSL "Include SSL support (default OpenSSL, wolfSSL if LWS_USE_WOLFSSL is set)" ON)
+option(LWS_USE_CYASSL "Use CyaSSL replacement for OpenSSL. When settings this, you also need to specify LWS_CYASSL_LIBRARIES and LWS_CYASSL_INCLUDE_DIRS" OFF)
 option(LWS_USE_WOLFSSL "Use wolfSSL replacement for OpenSSL. When settings this, you also need to specify LWS_WOLFSSL_LIBRARIES and LWS_WOLFSSL_INCLUDE_DIRS" OFF)
 option(LWS_WITH_ZLIB "Include zlib support (required for extensions)" ON)
 option(LWS_WITH_LIBEV "Compile with support for libev" OFF)
@@ -72,6 +73,17 @@ set(LWS_INSTALL_BIN_DIR       bin CACHE PATH "Installation directory for executa
 set(LWS_INSTALL_INCLUDE_DIR   include CACHE PATH "Installation directory for header files")
 set(LWS_INSTALL_EXAMPLES_DIR  bin CACHE PATH "Installation directory for example files")
 
+# Allow the user to use the old CyaSSL options/library in stead of wolfSSL
+if (LWS_USE_CYASSL AND LWS_USE_WOLFSSL)
+	message(FATAL_ERROR "LWS_USE_CYASSL and LWS_USE_WOLFSSL are mutually exclusive!")
+endif()
+if (LWS_USE_CYASSL)
+	# Copy CyaSSL options to the wolfSSL options
+	set(LWS_USE_WOLFSSL ${LWS_USE_CYASSL} CACHE BOOL "Use wolfSSL/CyaSSL instead of OpenSSL" FORCE)
+	set(LWS_WOLFSSL_LIBRARIES ${LWS_CYASSL_LIBRARIES} CACHE PATH "Path to wolfSSL/CyaSSL libraries" FORCE)
+	set(LWS_WOLFSSL_INCLUDE_DIRS ${LWS_CYASSL_INCLUDE_DIRS} CACHE PATH "Path to wolfSSL/CyaSSL header files" FORCE)
+endif()
+
 if (LWS_WITHOUT_CLIENT AND LWS_WITHOUT_SERVER)
 	message(FATAL_ERROR "Makes no sense to compile without both client or server.")
 endif()
@@ -107,7 +119,11 @@ endif()
 if (LWS_WITH_SSL AND LWS_USE_WOLFSSL)
 	if ("${LWS_WOLFSSL_LIBRARIES}" STREQUAL "" OR "${LWS_WOLFSSL_INCLUDE_DIRS}" STREQUAL "")
 		if (NOT WOLFSSL_FOUND)
-			message(FATAL_ERROR "You must set LWS_WOLFSSL_LIBRARIES and LWS_WOLFSSL_INCLUDE_DIRS when LWS_USE_WOLFSSL is turned on.")
+			if (LWS_USE_CYASSL)
+				message(FATAL_ERROR "You must set LWS_CYASSL_LIBRARIES and LWS_CYASSL_INCLUDE_DIRS when LWS_USE_CYASSL is turned on.")
+			else()
+				message(FATAL_ERROR "You must set LWS_WOLFSSL_LIBRARIES and LWS_WOLFSSL_INCLUDE_DIRS when LWS_USE_WOLFSSL is turned on.")
+			endif()
 		endif()
 	else()
 		set(WOLFSSL_LIBRARIES ${LWS_WOLFSSL_LIBRARIES})
@@ -115,6 +131,9 @@ if (LWS_WITH_SSL AND LWS_USE_WOLFSSL)
 		set(WOLFSSL_FOUND 1)
 	endif()
 	set(USE_WOLFSSL 1)
+	if (LWS_USE_CYASSL)
+		set(USE_OLD_CYASSL 1)
+	endif()
 endif()
 
 if (LWS_WITH_ZLIB AND NOT LWS_USE_BUNDLED_ZLIB)
@@ -525,9 +544,15 @@ if (LWS_WITH_SSL)
 		# Additional to the root directory we need to include
 		# the wolfssl/ subdirectory which contains the OpenSSL
 		# compatability layer headers.
-		foreach(inc ${WOLFSSL_INCLUDE_DIRS})
-			include_directories("${inc}" "${inc}/wolfssl")
-		endforeach()
+		if (LWS_USE_CYASSL)
+			foreach(inc ${WOLFSSL_INCLUDE_DIRS})
+				include_directories("${inc}" "${inc}/cyassl")
+			endforeach()
+		else()
+			foreach(inc ${WOLFSSL_INCLUDE_DIRS})
+				include_directories("${inc}" "${inc}/wolfssl")
+			endforeach()
+		endif()
 
 		list(APPEND LIB_LIST "${WOLFSSL_LIBRARIES}")
 	else()
@@ -933,7 +958,7 @@ message("  Settings:  (For more help do cmake -LH <srcpath>)")
 message("---------------------------------------------------------------------")
 message(" LWS_WITH_SSL = ${LWS_WITH_SSL}  (SSL Support)")
 message(" LWS_SSL_CLIENT_USE_OS_CA_CERTS = ${LWS_SSL_CLIENT_USE_OS_CA_CERTS}")
-message(" LWS_USE_WOLFSSL = ${LWS_USE_WOLFSSL} (wolfSSL replacement for OpenSSL)")
+message(" LWS_USE_WOLFSSL = ${LWS_USE_WOLFSSL} (wolfSSL/CyaSSL replacement for OpenSSL)")
 if (LWS_USE_WOLFSSL)
 	message("   LWS_WOLFSSL_LIBRARIES = ${LWS_WOLFSSL_LIBRARIES}")
 	message("   LWS_WOLFSSL_INCLUDE_DIRS = ${LWS_WOLFSSL_INCLUDE_DIRS}")
diff --git a/README.build.md b/README.build.md
index 10647bbdb1bc098faadcf344d7117e3db5cf03a2..5f17235b621b3c9bc52ebc49e3ae4e95039bf28e 100644
--- a/README.build.md
+++ b/README.build.md
@@ -151,9 +151,9 @@ Windows GUI
 On windows CMake comes with a gui application:
 	Start -> Programs -> CMake -> CMake (cmake-gui)
 
-wolfSSL replacement for OpenSSL
-------------------------------
-wolfSSL is a lightweight SSL library targeted at embedded systems:
+wolfSSL/CyaSSL replacement for OpenSSL
+--------------------------------------
+wolfSSL/CyaSSL is a lightweight SSL library targeted at embedded systems:
 https://www.wolfssl.com/wolfSSL/Products-wolfssl.html
 
 It contains a OpenSSL compatability layer which makes it possible to pretty
@@ -163,15 +163,26 @@ much link to it instead of OpenSSL, giving a much smaller footprint.
 this to work.
 
 Compiling libwebsockets with wolfSSL
------------------------------------
+------------------------------------
 
 ```bash
 cmake .. -DLWS_USE_WOLFSSL=1 \
 	 -DLWS_WOLFSSL_INCLUDE_DIRS=/path/to/wolfssl \
-	 -DLWS_WOLFSSL_LIB=/path/to/wolfssl/wolfssl.a ..
+	 -DLWS_WOLFSSL_LIBRARIES=/path/to/wolfssl/wolfssl.a ..
+```
+
+**NOTE**: On windows use the .lib file extension for `LWS_WOLFSSL_LIBRARIES` instead.
+
+Compiling libwebsockets with CyaSSL
+-----------------------------------
+
+```bash
+cmake .. -DLWS_USE_CYASSL=1 \
+	 -DLWS_CYASSL_INCLUDE_DIRS=/path/to/cyassl \
+	 -DLWS_CYASSL_LIBRARIES=/path/to/wolfssl/cyassl.a ..
 ```
 
-**NOTE**: On windows use the .lib file extension for `LWS_WOLFSSL_LIB` instead.
+**NOTE**: On windows use the .lib file extension for `LWS_CYASSL_LIBRARIES` instead.
 
 
 Reproducing HTTP2.0 tests
diff --git a/cross-openwrt-makefile b/cross-openwrt-makefile
index 2298ffb9c4ddb8c07771099fc4e154f7cd38ce69..2504370908dd9be26c509566093e0f176759f347 100644
--- a/cross-openwrt-makefile
+++ b/cross-openwrt-makefile
@@ -26,9 +26,15 @@ CMAKE_OPTIONS += -DLWS_WITHOUT_TESTAPPS=$(if $(CONFIG_PACKAGE_libwebsockets-exam
 # for wolfssl, define these in addition to LWS_OPENSSL_SUPPORT and
 # edit package/libs/wolfssl/Makefile to include --enable-opensslextra
 # CMAKE_OPTIONS += -DLWS_USE_WOLFSSL=ON
-# CMAKE_OPTIONS += -DLWS_WOLFSSL_LIB=$(STAGING_DIR)/usr/lib/libwolfssl.so
+# CMAKE_OPTIONS += -DLWS_WOLFSSL_LIBRARIES=$(STAGING_DIR)/usr/lib/libwolfssl.so
 # CMAKE_OPTIONS += -DLWS_WOLFSSL_INCLUDE_DIRS=$(STAGING_DIR)/usr/include
 
+# for cyassl, define these in addition to LWS_OPENSSL_SUPPORT and
+# edit package/libs/wolfssl/Makefile to include --enable-opensslextra
+# CMAKE_OPTIONS += -DLWS_USE_CYASSL=ON
+# CMAKE_OPTIONS += -DLWS_CYASSL_LIBRARIES=$(STAGING_DIR)/usr/lib/libcyassl.so
+# CMAKE_OPTIONS += -DLWS_CYASSL_INCLUDE_DIRS=$(STAGING_DIR)/usr/include
+
 # other options worth noting
 # CMAKE_OPTIONS += -DLWS_WITHOUT_EXTENSIONS=ON
 # CMAKE_OPTIONS += -DLWS_WITHOUT_DAEMONIZE=ON
diff --git a/lib/client.c b/lib/client.c
index bf39b23adc09f4568944d319c40cca0ac3911148..8c9ef915410d32a7416a263c90b8d462b7b247ca 100644
--- a/lib/client.c
+++ b/lib/client.c
@@ -132,7 +132,7 @@ int lws_client_socket_service(struct libwebsocket_context *context,
 		/* we can retry this... just cook the SSL BIO the first time */
 
 		if (wsi->use_ssl && !wsi->ssl) {
-#if defined(WOLFSSL_SNI_HOST_NAME) || defined(SSL_CTRL_SET_TLSEXT_HOSTNAME)
+#if defined(CYASSL_SNI_HOST_NAME) || defined(WOLFSSL_SNI_HOST_NAME) || defined(SSL_CTRL_SET_TLSEXT_HOSTNAME)
 			const char *hostname = lws_hdr_simple_ptr(wsi,
 						_WSI_TOKEN_CLIENT_PEER_ADDRESS);
 #endif
@@ -147,10 +147,17 @@ int lws_client_socket_service(struct libwebsocket_context *context,
 			 * when establishing connection
 			 */
 #ifdef USE_WOLFSSL
+#ifdef USE_OLD_CYASSL
+#ifdef CYASSL_SNI_HOST_NAME
+			CyaSSL_UseSNI(wsi->ssl, CYASSL_SNI_HOST_NAME,
+				hostname, strlen(hostname));
+#endif
+#else
 #ifdef WOLFSSL_SNI_HOST_NAME
 			wolfSSL_UseSNI(wsi->ssl, WOLFSSL_SNI_HOST_NAME,
 				hostname, strlen(hostname));
 #endif
+#endif
 #else
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 			SSL_set_tlsext_host_name(wsi->ssl, hostname);
@@ -159,16 +166,22 @@ int lws_client_socket_service(struct libwebsocket_context *context,
 
 #ifdef USE_WOLFSSL
 			/*
-			 * wolfSSL does certificate verification differently
+			 * wolfSSL/CyaSSL does certificate verification differently
 			 * from OpenSSL.
 			 * If we should ignore the certificate, we need to set
 			 * this before SSL_new and SSL_connect is called.
 			 * Otherwise the connect will simply fail with error
 			 * code -155
 			 */
+#ifdef USE_OLD_CYASSL
+			if (wsi->use_ssl == 2)
+				CyaSSL_set_verify(wsi->ssl,
+							SSL_VERIFY_NONE, NULL);
+#else
 			if (wsi->use_ssl == 2)
 				wolfSSL_set_verify(wsi->ssl,
 							SSL_VERIFY_NONE, NULL);
+#endif
 #endif /* USE_WOLFSSL */
 
 			wsi->client_bio =
@@ -176,7 +189,11 @@ int lws_client_socket_service(struct libwebsocket_context *context,
 			SSL_set_bio(wsi->ssl, wsi->client_bio, wsi->client_bio);
 
 #ifdef USE_WOLFSSL
+#ifdef USE_OLD_CYASSL
+			CyaSSL_set_using_nonblock(wsi->ssl, 1);
+#else
 			wolfSSL_set_using_nonblock(wsi->ssl, 1);
+#endif
 #else
 			BIO_set_nbio(wsi->client_bio, 1); /* nonblocking */
 #endif
diff --git a/lib/libwebsockets.h b/lib/libwebsockets.h
index 91a8e5e9d93d050bff6878dea72e79976d16cf16..e79b25afd294f00cf90ca9e051d39823b54b046a 100644
--- a/lib/libwebsockets.h
+++ b/lib/libwebsockets.h
@@ -92,7 +92,11 @@ extern "C" {
 
 #ifdef LWS_OPENSSL_SUPPORT
 #ifdef USE_WOLFSSL
+#ifdef USE_OLD_CYASSL
+#include <cyassl/openssl/ssl.h>
+#else
 #include <wolfssl/openssl/ssl.h>
+#endif /* not USE_OLD_CYASSL */
 #else
 #include <openssl/ssl.h>
 #endif /* not USE_WOLFSSL */
diff --git a/lib/private-libwebsockets.h b/lib/private-libwebsockets.h
index 81499564b9b23017519aa671bcdd530caf245f89..a35b9ead826716fe5d640ec9c48f05b69e0e4b14 100644
--- a/lib/private-libwebsockets.h
+++ b/lib/private-libwebsockets.h
@@ -150,8 +150,13 @@
 
 #ifdef LWS_OPENSSL_SUPPORT
 #ifdef USE_WOLFSSL
+#ifdef USE_OLD_CYASSL
+#include <cyassl/openssl/ssl.h>
+#include <cyassl/error-ssl.h>
+#else
 #include <wolfssl/openssl/ssl.h>
 #include <wolfssl/error-ssl.h>
+#endif /* not USE_OLD_CYASSL */
 #else
 #include <openssl/ssl.h>
 #include <openssl/evp.h>
diff --git a/lib/ssl.c b/lib/ssl.c
index 0d5185456cc6fd788a4dc94006626c175f331678..b8154683ad0c1a668452dd3bba1ef69fd5be9671 100644
--- a/lib/ssl.c
+++ b/lib/ssl.c
@@ -89,7 +89,11 @@ lws_context_init_server_ssl(struct lws_context_creation_info *info,
 		context->use_ssl = info->ssl_cert_filepath != NULL;
 
 #ifdef USE_WOLFSSL
-		lwsl_notice(" Compiled with WOLFSSL support\n");
+#ifdef USE_OLD_CYASSL
+		lwsl_notice(" Compiled with CyaSSL support\n");
+#else
+		lwsl_notice(" Compiled with wolfSSL support\n");
+#endif
 #else
 		lwsl_notice(" Compiled with OpenSSL support\n");
 #endif
@@ -545,7 +549,11 @@ lws_server_socket_service_ssl(struct libwebsocket_context *context,
 		SSL_set_fd(new_wsi->ssl, accept_fd);
 
 #ifdef USE_WOLFSSL
+#ifdef USE_OLD_CYASSL
+		CyaSSL_set_using_nonblock(new_wsi->ssl, 1);
+#else
 		wolfSSL_set_using_nonblock(new_wsi->ssl, 1);
+#endif
 #else
 		SSL_set_mode(new_wsi->ssl, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
 		bio = SSL_get_rbio(new_wsi->ssl);
diff --git a/lws_config.h.in b/lws_config.h.in
index 4d66892fe17d7dc1412a8422a5d11de624fec65b..65c4d0a4a0320763a67064d8d7ece191e13a88e8 100644
--- a/lws_config.h.in
+++ b/lws_config.h.in
@@ -6,10 +6,14 @@
 	#endif
 #endif
 
-/* Define to 1 to use wolfSSL as a replacement for OpenSSL.
+/* Define to 1 to use wolfSSL/CyaSSL as a replacement for OpenSSL.
  * LWS_OPENSSL_SUPPORT needs to be set also for this to work. */
 #cmakedefine USE_WOLFSSL
 
+/* Also define to 1 (in addition to USE_WOLFSSL) when using the
+  (older) CyaSSL library */
+#cmakedefine USE_OLD_CYASSL
+
 /* The Libwebsocket version */
 #cmakedefine LWS_LIBRARY_VERSION "${LWS_LIBRARY_VERSION}"