diff --git a/include/libwebsockets.h b/include/libwebsockets.h
index 3343f50a0..38789dac5 100644
--- a/include/libwebsockets.h
+++ b/include/libwebsockets.h
@@ -225,6 +225,8 @@ typedef unsigned long long lws_intptr_t;
 #endif
 #endif
 #include <mbedtls/ssl.h>
+#include <mbedtls/entropy.h>
+#include <mbedtls/ctr_drbg.h>
 #else
 #include <openssl/ssl.h>
 #if !defined(LWS_WITH_MBEDTLS)
diff --git a/lib/core/private.h b/lib/core/private.h
index 54c9faf89..a92006647 100644
--- a/lib/core/private.h
+++ b/lib/core/private.h
@@ -296,6 +296,11 @@ struct lws_context {
 	struct lws_mutex_refcount mr;
 #endif
 
+#if defined(LWS_AMAZON_RTOS)
+	mbedtls_entropy_context mec;
+	mbedtls_ctr_drbg_context mcdc;
+#endif
+
 	struct lws_deferred_free *deferred_free_list;
 
 #if defined(LWS_WITH_THREADPOOL)
diff --git a/lib/plat/esp32/esp32-init.c b/lib/plat/esp32/esp32-init.c
index eed667cd8..2f537d010 100644
--- a/lib/plat/esp32/esp32-init.c
+++ b/lib/plat/esp32/esp32-init.c
@@ -30,6 +30,10 @@ lws_plat_context_early_init(void)
 void
 lws_plat_context_early_destroy(struct lws_context *context)
 {
+#if defined(LWS_AMAZON_RTOS)
+	mbedtls_ctr_drbg_free(&context->mcdc);
+	mbedtls_entropy_free(&context->mec);
+#endif
 }
 
 void
@@ -66,6 +70,23 @@ int
 lws_plat_init(struct lws_context *context,
 	      const struct lws_context_creation_info *info)
 {
+#if defined(LWS_AMAZON_RTOS)
+	int n;
+
+	/* initialize platform random through mbedtls */
+	mbedtls_entropy_init(&context->mec);
+	mbedtls_ctr_drbg_init(&context->mcdc);
+
+	n = mbedtls_ctr_drbg_seed(&context->mcdc, mbedtls_entropy_func,
+				  &context->mec, NULL, 0);
+	if (n) {
+		lwsl_err("%s: mbedtls_ctr_drbg_seed() returned 0x%x\n",
+			 __func__, n);
+
+		return 1;
+	}
+#endif
+
 	/* master context has the global fd lookup array */
 	context->lws_lookup = lws_zalloc(sizeof(struct lws *) *
 					 context->max_fds, "esp32 lws_lookup");
diff --git a/lib/plat/esp32/esp32-misc.c b/lib/plat/esp32/esp32-misc.c
index ffb663152..d89e1939d 100644
--- a/lib/plat/esp32/esp32-misc.c
+++ b/lib/plat/esp32/esp32-misc.c
@@ -32,14 +32,23 @@ lws_time_in_microseconds(void)
 LWS_VISIBLE int
 lws_get_random(struct lws_context *context, void *buf, int len)
 {
+#if defined(LWS_AMAZON_RTOS)
+	int n;
+
+	n = mbedtls_ctr_drbg_random(&context->mcdc, buf, len);
+	if (!n)
+		return len;
+
+	/* failed */
+
+	lwsl_err("%s: mbedtls_ctr_drbg_random returned 0x%x\n", __func__, n);
+
+	return 0;
+#else
 	uint8_t *pb = buf;
 
 	while (len) {
-#if defined(LWS_AMAZON_RTOS)
-		uint32_t r = rand();
-#else
 		uint32_t r = esp_random();
-#endif
 		uint8_t *p = (uint8_t *)&r;
 		int b = 4;
 
@@ -53,6 +62,7 @@ lws_get_random(struct lws_context *context, void *buf, int len)
 	}
 
 	return pb - (uint8_t *)buf;
+#endif
 }