diff --git a/Cargo.toml b/Cargo.toml
index 55195f2..6ed9316 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -24,7 +24,7 @@ native-tls = ["native-tls-crate"]
 native-tls-vendored = ["native-tls", "native-tls-crate/vendored"]
 rustls-tls-native-roots = ["__rustls-tls", "rustls-native-certs"]
 rustls-tls-webpki-roots = ["__rustls-tls", "webpki-roots"]
-__rustls-tls = ["rustls"]
+__rustls-tls = ["rustls", "rustls-pki-types"]
 
 [dependencies]
 data-encoding = { version = "2", optional = true }
@@ -46,11 +46,15 @@ version = "0.2.3"
 
 [dependencies.rustls]
 optional = true
-version = "0.21.6"
+version = "0.22.0"
+
+[dependencies.rustls-pki-types]
+optional = true
+version = "1.0"
 
 [dependencies.rustls-native-certs]
 optional = true
-version = "0.6.0"
+version = "0.7.0"
 
 [dependencies.webpki-roots]
 optional = true
diff --git a/src/tls.rs b/src/tls.rs
index 4a21608..836b7ae 100644
--- a/src/tls.rs
+++ b/src/tls.rs
@@ -70,7 +70,8 @@ mod encryption {
 
 #[cfg(feature = "__rustls-tls")]
 pub mod rustls {
- use rustls::{ClientConfig, ClientConnection, RootCertStore, ServerName, StreamOwned};
+ use rustls::{ClientConfig, ClientConnection, RootCertStore, StreamOwned};
+ use rustls_pki_types::ServerName;
 use std::{
 convert::TryFrom,
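Review bot: The new `+__rustls-tls = ["rustls", "rustls-pki-types"]` line, together with the `[dependencies.rustls-pki-types]` table added in the second hunk, turns `rustls-pki-types` into a direct, separately versioned dependency only so that `src/tls.rs` can write `use rustls_pki_types::ServerName` (third hunk, whose `use` block continues outside the diff). If the bumped rustls 0.22 re-exports that crate as `rustls::pki_types`, as I believe it does, the import can become `use rustls::pki_types::ServerName;` and both the feature entry and the new dependency table can be dropped, so the `ServerName` handed to `ClientConnection::new` is by construction the one rustls itself compiles against. If the direct dependency is kept on purpose, a one-line comment on the feature line saying its version must track rustls's own `rustls-pki-types` requirement would save the next bump from a type-mismatch surprise.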
@@ -105,36 +106,26 @@ mod encryption {
 #[cfg(feature = "rustls-tls-native-roots")]
 {
 let native_certs = rustls_native_certs::load_native_certs()?;
- let der_certs: Vec> =
- native_certs.into_iter().map(|cert| cert.0).collect();
- let total_number = der_certs.len();
+ let total_number = native_certs.len();
 let (number_added, number_ignored) =
- root_store.add_parsable_certificates(&der_certs);
+ root_store.add_parsable_certificates(native_certs);
 log::debug!("Added {number_added}/{total_number} native root certificates (ignored {number_ignored})");
 }
 #[cfg(feature = "rustls-tls-webpki-roots")]
 {
- root_store.add_trust_anchors(
- webpki_roots::TLS_SERVER_ROOTS.iter().map(|ta| {
- rustls::OwnedTrustAnchor::from_subject_spki_name_constraints(
- ta.subject.as_ref(),
- ta.subject_public_key_info.as_ref(),
- ta.name_constraints.as_deref(),
- )
- })
- );
+ root_store.extend(webpki_roots::TLS_SERVER_ROOTS.iter().cloned());
 }
 Arc::new(
 ClientConfig::builder()
- .with_safe_defaults()
 .with_root_certificates(root_store)
 .with_no_client_auth(),
 )
 }
 };
- let domain =
- ServerName::try_from(domain).map_err(|_| TlsError::InvalidDnsName)?;
+ let domain = ServerName::try_from(domain)
+ .map_err(|_| TlsError::InvalidDnsName)?
+ .to_owned();
 let client = ClientConnection::new(config, domain).map_err(TlsError::Rustls)?;
 let stream = StreamOwned::new(client, socket);