Hi there, apologies for the delay.
The TLS tcpclient library did work; we were able to connect it to the AWS HTTPS API gateway. The downside is that every single publish incurs the overhead of setting up an HTTPS TCP-based session. So it works, but it's pretty ugly! The real solution is TLS MQTT, which is pretty much the best pub/sub protocol out there and is extremely lightweight.
For point-to-point comms you could use CoAP, which is what I believe the Particle actually uses. From arm's-length inspection it has some interesting peculiarities, as the docu suggests it was designed for client-to-server publishing, and client subscription to hear from the server is a bit of a hack.
On the other hand, MQTT was designed from the ground up for subscription (of multiple parties if you like) and it's what AWS has chosen as a protocol choice for their IoT-as-a-service platform.
However, the Photon doesn't have the memory to deal with those libraries, and likely doesn't have the CPU grunt if you're intending on doing some sensor work/calculations, some form of local webserver API with the customer smartphone or sensors, and running MQTT etc. Unless it's refreshed, the ESP32 seems the best forward direction. IBM Watson folk published some example code running MQTT to their cloud platform on ESP32. Neat.