diff --git a/CMakeLists.txt b/CMakeLists.txt
index 01779ce1..1b99b20d 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -52,6 +52,7 @@ option(LWS_WITH_LIBEV "Compile with support for libev" OFF)
 option(LWS_USE_BUNDLED_ZLIB "Use bundled zlib version (Windows only)" ${LWS_USE_BUNDLED_ZLIB_DEFAULT})
 option(LWS_SSL_CLIENT_USE_OS_CA_CERTS "SSL support should make use of OS installed CA root certs" ON)
 option(LWS_WITHOUT_BUILTIN_GETIFADDRS "Don't use BSD getifaddrs implementation from libwebsockets if it is missing (this will result in a compilation error) ... Default is your libc provides it. On some systems such as uclibc it doesn't exist." OFF)
+option(LWS_WITHOUT_BUILTIN_SHA1 "Don't build the lws sha-1 (eg, because openssl will provide it" OFF)
 option(LWS_WITHOUT_CLIENT "Don't build the client part of the library" OFF)
 option(LWS_WITHOUT_SERVER "Don't build the server part of the library" OFF)
 option(LWS_LINK_TESTAPPS_DYNAMIC "Link the test apps to the shared version of the library. Default is to link statically" OFF)
@@ -251,6 +252,10 @@ include(CheckIncludeFiles)
 include(CheckLibraryExists)
 include(CheckTypeSize)
 
+if (LWS_WITHOUT_BUILTIN_SHA1)
+	set(LWS_SHA1_USE_OPENSSL_NAME 1)
+endif()
+
 CHECK_FUNCTION_EXISTS(bzero LWS_HAVE_BZERO)
 CHECK_FUNCTION_EXISTS(fork LWS_HAVE_FORK)
 CHECK_FUNCTION_EXISTS(getenv LWS_HAVE_GETENV)
@@ -347,7 +352,6 @@ set(SOURCES
 	lib/output.c
 	lib/parsers.c
 	lib/context.c
-	lib/sha-1.c
 	lib/alloc.c
 	lib/header.c)
 
@@ -363,6 +367,11 @@ if (LWS_WITH_SSL)
 		lib/ssl.c)
 endif()
 
+if (NOT LWS_WITHOUT_BUILTIN_SHA1)
+	list(APPEND SOURCES
+		lib/sha-1.c)
+endif()
+
 if (LWS_WITH_HTTP2)
 	list(APPEND SOURCES
 		lib/http2.c
@@ -979,6 +988,7 @@ if (LWS_USE_WOLFSSL)
 	message("   LWS_WOLFSSL_LIBRARIES = ${LWS_WOLFSSL_LIBRARIES}")
 	message("   LWS_WOLFSSL_INCLUDE_DIRS = ${LWS_WOLFSSL_INCLUDE_DIRS}")
 endif()
+message(" LWS_WITHOUT_BUILTIN_SHA1 = ${LWS_WITHOUT_BUILTIN_SHA1}")
 message(" LWS_WITHOUT_BUILTIN_GETIFADDRS = ${LWS_WITHOUT_BUILTIN_GETIFADDRS}")
 message(" LWS_WITHOUT_CLIENT = ${LWS_WITHOUT_CLIENT}")
 message(" LWS_WITHOUT_SERVER = ${LWS_WITHOUT_SERVER}")
diff --git a/changelog b/changelog
index 0a9318b9..3290c7a8 100644
--- a/changelog
+++ b/changelog
@@ -12,6 +12,10 @@ non-NULL.  If so, the string has length len.
 LWS_SERVER_OPTION_PEER_CERT_NOT_REQUIRED is available to relax the requirement
 for peer certs if you are using the option to require client certs.
 
+LWS_WITHOUT_BUILTIN_SHA1 cmake option forces lws to use SHA1() defined
+externally, eg, byOpenSSL, and disables build of libwebsockets_SHA1()
+
+
 v1.4-chrome43-firefox36
 =======================
 
diff --git a/lib/libwebsockets.h b/lib/libwebsockets.h
index 7fae18e8..6b5ee4c2 100644
--- a/lib/libwebsockets.h
+++ b/lib/libwebsockets.h
@@ -1362,9 +1362,12 @@ lws_frame_is_binary(struct libwebsocket *wsi);
 
 LWS_VISIBLE LWS_EXTERN int
 lws_is_ssl(struct libwebsocket *wsi);
-
+#ifdef LWS_SHA1_USE_OPENSSL_NAME
+#define libwebsockets_SHA1 SHA1
+#else
 LWS_VISIBLE LWS_EXTERN unsigned char *
 libwebsockets_SHA1(const unsigned char *d, size_t n, unsigned char *md);
+#endif
 
 LWS_VISIBLE LWS_EXTERN int
 lws_b64_encode_string(const char *in, int in_len, char *out, int out_size);
diff --git a/lws_config.h.in b/lws_config.h.in
index 65331b93..f4b0ac4b 100644
--- a/lws_config.h.in
+++ b/lws_config.h.in
@@ -59,3 +59,5 @@
 /* Use the BSD getifaddrs that comes with libwebsocket, for uclibc support */
 #cmakedefine LWS_BUILTIN_GETIFADDRS
 
+/* use SHA1() not internal libwebsockets_SHA1 */
+#cmakedefine LWS_SHA1_USE_OPENSSL_NAME