diff --git a/awc/Cargo.toml b/awc/Cargo.toml
index 721790fae..c78227784 100644
--- a/awc/Cargo.toml
+++ b/awc/Cargo.toml
@@ -49,10 +49,12 @@ rustls-0_21 = ["tls-rustls-0_21", "actix-tls/rustls-0_21"]
 rustls-0_22-webpki-roots = ["tls-rustls-0_22", "actix-tls/rustls-0_22-webpki-roots"]
 # TLS via Rustls v0.22 (Native roots)
 rustls-0_22-native-roots = ["tls-rustls-0_22", "actix-tls/rustls-0_22-native-roots"]
-# TLS via Rustls v0.22 (WebPKI roots)
-rustls-0_23-webpki-roots = ["tls-rustls-0_23", "actix-tls/rustls-0_23-webpki-roots"]
-# TLS via Rustls v0.22 (Native roots)
-rustls-0_23-native-roots = ["tls-rustls-0_23", "actix-tls/rustls-0_23-native-roots"]
+# TLS via Rustls v0.23
+rustls-0_23 = ["tls-rustls-0_23", "actix-tls/rustls-0_23"]
+# TLS via Rustls v0.23 (WebPKI roots)
+rustls-0_23-webpki-roots = ["rustls-0_23", "actix-tls/rustls-0_23-webpki-roots"]
+# TLS via Rustls v0.23 (Native roots)
+rustls-0_23-native-roots = ["rustls-0_23", "actix-tls/rustls-0_23-native-roots"]
 
 # Brotli algorithm content-encoding support
 compress-brotli = ["actix-http/compress-brotli", "__compress"]
@@ -117,8 +119,8 @@ trust-dns-resolver = { version = "0.23", optional = true }
 actix-http = { version = "3.6", features = ["openssl"] }
 actix-http-test = { version = "3", features = ["openssl"] }
 actix-server = "2"
-actix-test = { version = "0.1", features = ["openssl", "rustls-0_22"] }
-actix-tls = { version = "3.3", features = ["openssl", "rustls-0_22"] }
+actix-test = { version = "0.1", features = ["openssl", "rustls-0_23"] }
+actix-tls = { version = "3.3", features = ["openssl", "rustls-0_23"] }
 actix-utils = "3"
 actix-web = { version = "4", features = ["openssl"] }
 
@@ -132,7 +134,8 @@ rcgen = "0.12"
 rustls-pemfile = "2"
 tokio = { version = "1.24.2", features = ["rt-multi-thread", "macros"] }
 zstd = "0.13"
+tls-rustls-0_23 = { package = "rustls", version = "0.23" } # add rustls 0.23 with default features to make aws_lc_rs work in tests 
 
 [[example]]
 name = "client"
-required-features = ["rustls-0_22-webpki-roots"]
+required-features = ["rustls-0_23-webpki-roots"]
diff --git a/awc/src/builder.rs b/awc/src/builder.rs
index a54960382..3955c6871 100644
--- a/awc/src/builder.rs
+++ b/awc/src/builder.rs
@@ -37,6 +37,12 @@ pub struct ClientBuilder<S = (), M = ()> {
 }
 
 impl ClientBuilder {
+    /// Create a new ClientBuilder with default settings
+    ///
+    /// Note: If the `rustls-0_23` feature is enabled and neither `rustls-0_23-native-roots` nor
+    /// `rustls-0_23-webpki-roots` are enabled, this ClientBuilder will build without TLS. In order
+    /// to enable TLS in this scenario, a custom `Connector` _must_ be added to the builder before
+    /// finishing constrution.
     #[allow(clippy::new_ret_no_self)]
     pub fn new() -> ClientBuilder<
         impl Service<
diff --git a/awc/src/client/connector.rs b/awc/src/client/connector.rs
index ea4594b80..aea78b3c3 100644
--- a/awc/src/client/connector.rs
+++ b/awc/src/client/connector.rs
@@ -58,10 +58,7 @@ enum OurTlsConnector {
     #[allow(dead_code)] // false positive; used in build_tls
     Rustls022(std::sync::Arc<actix_tls::connect::rustls_0_22::reexports::ClientConfig>),
 
-    #[cfg(any(
-        feature = "rustls-0_23-webpki-roots",
-        feature = "rustls-0_23-native-roots",
-    ))]
+    #[cfg(feature = "rustls-0_23")]
     #[allow(dead_code)] // false positive; used in build_tls
     Rustls023(std::sync::Arc<actix_tls::connect::rustls_0_23::reexports::ClientConfig>),
 }
@@ -87,6 +84,13 @@ pub struct Connector<T> {
 }
 
 impl Connector<()> {
+    /// Create a new connector with default TLS settings
+    ///
+    /// Panicking:
+    /// - When the `rustls-0_23-webpki-roots` or `rustls-0_23-native-roots` features are enabled
+    ///     and no default cyrpto provider has been loaded, this method will panic.
+    /// - When the `rustls-0_23-native-roots` or `rustls-0_22-native-roots` features are enabled
+    ///     and the runtime system has no native root certificates, this method will panic.
     #[allow(clippy::new_ret_no_self, clippy::let_unit_value)]
     pub fn new() -> Connector<
         impl Service<
@@ -196,7 +200,8 @@ impl Connector<()> {
                 OurTlsConnector::OpensslBuilder(ssl)
             }
         } else {
-            /// Provides an empty TLS connector when no TLS feature is enabled.
+            /// Provides an empty TLS connector when no TLS feature is enabled, or when
+            /// rustls-0_23 is enabled.
             fn build_tls(_: Vec<Vec<u8>>) -> OurTlsConnector {
                 OurTlsConnector::None
             }
@@ -308,10 +313,13 @@ where
     }
 
     /// Sets custom Rustls v0.23 `ClientConfig` instance.
-    #[cfg(any(
-        feature = "rustls-0_23-webpki-roots",
-        feature = "rustls-0_23-native-roots",
-    ))]
+    ///
+    /// In order to enable ALPN, set the `.alpn_protocols` field on the ClientConfig to the
+    /// following:
+    /// ```rust,ignore
+    /// vec![b"h2".to_vec(), b"http/1.1".to_vec()]
+    /// ```
+    #[cfg(feature = "rustls-0_23")]
     pub fn rustls_0_23(
         mut self,
         connector: std::sync::Arc<actix_tls::connect::rustls_0_23::reexports::ClientConfig>,
@@ -631,10 +639,7 @@ where
                 Some(actix_service::boxed::rc_service(tls_service))
             }
 
-            #[cfg(any(
-                feature = "rustls-0_23-webpki-roots",
-                feature = "rustls-0_23-native-roots",
-            ))]
+            #[cfg(feature = "rustls-0_23")]
             OurTlsConnector::Rustls023(tls) => {
                 const H2: &[u8] = b"h2";
 
diff --git a/awc/tests/test_rustls_client.rs b/awc/tests/test_rustls_client.rs
index 1cc3e8c48..719d25119 100644
--- a/awc/tests/test_rustls_client.rs
+++ b/awc/tests/test_rustls_client.rs
@@ -1,6 +1,6 @@
-#![cfg(feature = "rustls-0_22-webpki-roots")]
+#![cfg(feature = "rustls-0_23-webpki-roots")]
 
-extern crate tls_rustls_0_22 as rustls;
+extern crate tls_rustls_0_23 as rustls;
 
 use std::{
     io::BufReader,
@@ -13,7 +13,7 @@ use std::{
 use actix_http::HttpService;
 use actix_http_test::test_server;
 use actix_service::{fn_service, map_config, ServiceFactoryExt};
-use actix_tls::connect::rustls_0_22::webpki_roots_cert_store;
+use actix_tls::connect::rustls_0_23::webpki_roots_cert_store;
 use actix_utils::future::ok;
 use actix_web::{dev::AppConfig, http::Version, web, App, HttpResponse};
 use rustls::{
@@ -83,7 +83,7 @@ mod danger {
         }
 
         fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
-            rustls::crypto::ring::default_provider()
+            rustls::crypto::aws_lc_rs::default_provider()
                 .signature_verification_algorithms
                 .supported_schemes()
         }
@@ -107,7 +107,7 @@ async fn test_connection_reuse_h2() {
                     App::new().service(web::resource("/").route(web::to(HttpResponse::Ok))),
                     |_| AppConfig::default(),
                 ))
-                .rustls_0_22(tls_config())
+                .rustls_0_23(tls_config())
                 .map_err(|_| ()),
         )
     })
@@ -126,7 +126,7 @@ async fn test_connection_reuse_h2() {
         .set_certificate_verifier(Arc::new(danger::NoCertificateVerification));
 
     let client = awc::Client::builder()
-        .connector(awc::Connector::new().rustls_0_22(Arc::new(config)))
+        .connector(awc::Connector::new().rustls_0_23(Arc::new(config)))
         .finish();
 
     // req 1