diff --git a/Cargo.lock b/Cargo.lock index 0a9d9a9aae..d1219d7aad 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -212,7 +212,7 @@ version = "2.5.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a7e7b35733e3a8c1ccb90385088dd5b6eaa61325cb4d1ad56e683b5224ff352e" dependencies = [ - "jni", + "jni 0.21.1", "ndk-context", "winapi", "xdg", @@ -1259,7 +1259,7 @@ dependencies = [ "core-foundation-sys", "coreaudio-rs", "dasp_sample", - "jni", + "jni 0.21.1", "js-sys", "libc", "mach2", @@ -2247,7 +2247,7 @@ dependencies = [ "futures-core", "futures-sink", "nanorand", - "spin 0.9.8", + "spin", ] [[package]] @@ -2988,8 +2988,8 @@ dependencies = [ "http", "hyper", "log", - "rustls", - "rustls-native-certs", + "rustls 0.21.12", + "rustls-native-certs 0.6.3", "tokio", "tokio-rustls", ] @@ -3342,6 +3342,20 @@ dependencies = [ "cc", ] +[[package]] +name = "jni" +version = "0.19.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c6df18c2e3db7e453d3c6ac5b3e9d5182664d28788126d39b91f2d1e22b017ec" +dependencies = [ + "cesu8", + "combine", + "jni-sys", + "log", + "thiserror", + "walkdir", +] + [[package]] name = "jni" version = "0.21.1" @@ -4410,7 +4424,7 @@ version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e8b61bebd49e5d43f5f8cc7ee2891c16e0f41ec7954d36bcb6c14c5e0de867fb" dependencies = [ - "jni", + "jni 0.21.1", "ndk 0.8.0", "ndk-context", "num-derive", @@ -4918,16 +4932,16 @@ dependencies = [ [[package]] name = "quinn" -version = "0.10.2" +version = "0.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8cc2c5017e4b43d5995dcea317bc46c1e09404c0a9664d2908f7f02dfe943d75" +checksum = "904e3d3ba178131798c6d9375db2b13b34337d489b089fc5ba0825a2ff1bee73" dependencies = [ "bytes", "pin-project-lite", "quinn-proto", "quinn-udp", "rustc-hash", - "rustls", + "rustls 0.23.8", "thiserror", "tokio", "tracing", 
@@ -4935,16 +4949,16 @@ dependencies = [ [[package]] name = "quinn-proto" -version = "0.10.6" +version = "0.11.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "141bf7dfde2fbc246bfd3fe12f2455aa24b0fbd9af535d8c86c7bd1381ff2b1a" +checksum = "e974563a4b1c2206bbc61191ca4da9c22e4308b4c455e8906751cc7828393f08" dependencies = [ "bytes", "rand 0.8.5", - "ring 0.16.20", + "ring", "rustc-hash", - "rustls", - "rustls-native-certs", + "rustls 0.23.8", + "rustls-platform-verifier", "slab", "thiserror", "tinyvec", @@ -4953,15 +4967,15 @@ dependencies = [ [[package]] name = "quinn-udp" -version = "0.4.1" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "055b4e778e8feb9f93c4e439f71dc2156ef13360b432b799e179a8c4cdf0b1d7" +checksum = "e4f0def2590301f4f667db5a77f9694fb004f82796dc1a8b1508fafa3d0e8b72" dependencies = [ - "bytes", "libc", + "once_cell", "socket2", "tracing", - "windows-sys 0.48.0", + "windows-sys 0.52.0", ] [[package]] @@ -5143,7 +5157,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "54077e1872c46788540de1ea3d7f4ccb1983d12f9aa909b234468676c1a36779" dependencies = [ "pem", - "ring 0.17.8", + "ring", "rustls-pki-types", "time", "yasna", @@ -5304,21 +5318,6 @@ dependencies = [ "quick-error", ] -[[package]] -name = "ring" -version = "0.16.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" -dependencies = [ - "cc", - "libc", - "once_cell", - "spin 0.5.2", - "untrusted 0.7.1", - "web-sys", - "winapi", -] - [[package]] name = "ring" version = "0.17.8" @@ -5329,8 +5328,8 @@ dependencies = [ "cfg-if 1.0.0", "getrandom 0.2.15", "libc", - "spin 0.9.8", - "untrusted 0.9.0", + "spin", + "untrusted", "windows-sys 0.52.0", ] 
@@ -5482,11 +5481,25 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3f56a14d1f48b391359b22f731fd4bd7e43c97f3c50eee276f3aa09c94784d3e" dependencies = [ "log", - "ring 0.17.8", - "rustls-webpki", + "ring", + "rustls-webpki 0.101.7", "sct", ] +[[package]] +name = "rustls" +version = "0.23.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "79adb16721f56eb2d843e67676896a61ce7a0fa622dc18d3e372477a029d2740" +dependencies = [ + "once_cell", + "ring", + "rustls-pki-types", + "rustls-webpki 0.102.4", + "subtle", + "zeroize", +] + [[package]] name = "rustls-native-certs" version = "0.6.3" @@ -5499,6 +5512,19 @@ dependencies = [ "security-framework", ] +[[package]] +name = "rustls-native-certs" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f1fb85efa936c42c6d5fc28d2629bb51e4b2f4b8a5211e297d599cc5a093792" +dependencies = [ + "openssl-probe", + "rustls-pemfile 2.1.2", + "rustls-pki-types", + "schannel", + "security-framework", +] + [[package]] name = "rustls-pemfile" version = "1.0.4" 
@@ -5524,14 +5550,52 @@ version = "1.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "976295e77ce332211c0d24d92c0e83e50f5c5f046d11082cea19f3df13a3562d" +[[package]] +name = "rustls-platform-verifier" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5f0d26fa1ce3c790f9590868f0109289a044acb954525f933e2aa3b871c157d" +dependencies = [ + "core-foundation", + "core-foundation-sys", + "jni 0.19.0", + "log", + "once_cell", + "rustls 0.23.8", + "rustls-native-certs 0.7.0", + "rustls-platform-verifier-android", + "rustls-webpki 0.102.4", + "security-framework", + "security-framework-sys", + "webpki-roots", + "winapi", +] + +[[package]] +name = "rustls-platform-verifier-android" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "84e217e7fdc8466b5b35d30f8c0a30febd29173df4a3a0c2115d306b9c4117ad" + [[package]] name = "rustls-webpki" version = "0.101.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" dependencies = [ - "ring 0.17.8", - "untrusted 0.9.0", + "ring", + "untrusted", +] + +[[package]] +name = "rustls-webpki" +version = "0.102.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ff448f7e92e913c4b7d4c6d8e4540a1724b319b4152b8aef6d4cf8339712b33e" +dependencies = [ + "ring", + "rustls-pki-types", + "untrusted", ] [[package]] @@ -5640,8 +5704,8 @@ version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" dependencies = [ - "ring 0.17.8", - "untrusted 0.9.0", + "ring", + "untrusted", ] [[package]] @@ -5690,6 +5754,7 @@ dependencies = [ "core-foundation", "core-foundation-sys", "libc", + "num-bigint 0.4.5", "security-framework-sys", ] 
@@ -6095,12 +6160,6 @@ dependencies = [ "syn 1.0.109", ] -[[package]] -name = "spin" -version = "0.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" - [[package]] name = "spin" version = "0.9.8" @@ -6241,6 +6300,12 @@ dependencies = [ "syn 2.0.65", ] +[[package]] +name = "subtle" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" + [[package]] name = "sum_type" version = "0.2.0" @@ -6525,7 +6590,7 @@ version = "0.24.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" dependencies = [ - "rustls", + "rustls 0.21.12", "tokio", ] @@ -6878,12 +6943,6 @@ version = "0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c" -[[package]] -name = "untrusted" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" - [[package]] name = "untrusted" version = "0.9.0" @@ -6977,7 +7036,7 @@ dependencies = [ "quinn", "rayon", "ron", - "rustls", + "rustls 0.23.8", "rustyline", "serde", "specs", @@ -7211,7 +7270,7 @@ dependencies = [ "quinn", "rand 0.8.5", "rcgen", - "rustls", + "rustls 0.23.8", "serde", "shellexpand 3.1.0", "socket2", @@ -7301,7 +7360,7 @@ dependencies = [ "refinery", "ron", "rusqlite", - "rustls", + "rustls 0.23.8", "rustls-pemfile 2.1.2", "schnellru", "serde", 
@@ -8215,6 +8274,15 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "webpki-roots" +version = "0.26.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b3de34ae270483955a94f4b21bdaaeb83d508bb84a01435f393818edb0012009" +dependencies = [ + "rustls-pki-types", +] + [[package]] name = "wfd" version = "0.1.7" @@ -9011,6 +9079,12 @@ dependencies = [ "syn 2.0.65", ] +[[package]] +name = "zeroize" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" + [[package]] name = "zstd" version = "0.13.1" diff --git a/Cargo.toml b/Cargo.toml index 1078c6e88e..7963d360c2 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -134,7 +134,7 @@ tokio = { version = "1.28", default-features = false, features = ["rt"] } tracing = { version = "0.1" } futures-util = { version = "0.3.7", default-features = false } prometheus = { version = "0.13", default-features = false } -prometheus-hyper = "0.1.4" +prometheus-hyper = "0.1.5" strum = { version = "0.24", features = ["derive"] } enum-map = { version = "2.4" } @@ -161,9 +161,8 @@ async-trait = "0.1.42" sha2 = "0.10" hex = "0.4.3" -#TODO add features = ["std"] in 0.22 -rustls = { version = "0.21", default-features = false } -quinn = { version = "0.10" } +rustls = { version = "0.23", default-features = false, features = ["std"] } +quinn = { version = "0.11" } [patch.crates-io] # until next specs release diff --git a/client/Cargo.toml b/client/Cargo.toml index ebb3782d26..71453a4116 100644 --- a/client/Cargo.toml +++ b/client/Cargo.toml 
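Review bot: The workspace `rustls` line keeps `default-features = false` and enables only `std`, so no crypto provider is selected in the manifest; Cargo.lock lists `ring` under rustls 0.23.8, which is presumably pulled in through quinn's `rustls` feature rather than requested here. rustls 0.23 picks its process-level provider from enabled crate features when `ClientConfig::builder()` runs and panics at runtime if none or more than one is enabled, so a future dependency turning on `aws-lc-rs` would break every connect path instead of failing the build. Requesting it explicitly, `rustls = { version = "0.23", default-features = false, features = ["std", "ring"] }`, makes the choice visible and stable.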
@@ -38,7 +38,7 @@ network = { package = "veloren-network", path = "../network", features = [ byteorder = "1.3.2" tokio = { workspace = true, features = ["rt-multi-thread"] } quinn = { workspace = true, features = ["rustls"] } -rustls = { workspace = true, features = ["dangerous_configuration"] } +rustls = { workspace = true } hickory-resolver = { version = "0.24.0", features = [ "system-config", "tokio-runtime", diff --git a/client/src/lib.rs b/client/src/lib.rs index db0072242d..c700e5d61a 100644 --- a/client/src/lib.rs +++ b/client/src/lib.rs @@ -78,7 +78,7 @@ use image::DynamicImage; use network::{ConnectAddr, Network, Participant, Pid, Stream}; use num::traits::FloatConst; use rayon::prelude::*; -use rustls::client::ServerCertVerified; +use rustls::client::danger::ServerCertVerified; use specs::Component; use std::{ collections::{BTreeMap, VecDeque}, @@ -86,7 +86,7 @@ use std::{ mem, path::PathBuf, sync::Arc, - time::{Duration, Instant, SystemTime}, + time::{Duration, Instant}, }; use tokio::runtime::Runtime; use tracing::{debug, error, trace, warn}; 
@@ -352,34 +352,74 @@ async fn connect_quic( validate_tls: bool, ) -> Result { let config = if validate_tls { - quinn::ClientConfig::with_native_roots() + quinn::ClientConfig::with_platform_verifier() } else { warn!( "skipping validation of server identity. There is no guarantee that the server you're \ connected to is the one you expect to be connecting to." ); + #[derive(Debug)] struct Verifier; - impl rustls::client::ServerCertVerifier for Verifier { + impl rustls::client::danger::ServerCertVerifier for Verifier { fn verify_server_cert( &self, - _: &rustls::Certificate, - _: &[rustls::Certificate], - _: &rustls::ServerName, - _: &mut dyn Iterator, - _: &[u8], - _: SystemTime, + _end_entity: &rustls::pki_types::CertificateDer<'_>, + _intermediates: &[rustls::pki_types::CertificateDer<'_>], + _server_name: &rustls::pki_types::ServerName<'_>, + _ocsp_response: &[u8], + _now: rustls::pki_types::UnixTime, ) -> Result { Ok(ServerCertVerified::assertion()) } + + fn verify_tls12_signature( + &self, + _message: &[u8], + _cert: &rustls::pki_types::CertificateDer<'_>, + _dss: &rustls::DigitallySignedStruct, + ) -> Result + { + Ok(rustls::client::danger::HandshakeSignatureValid::assertion()) + } + + fn verify_tls13_signature( + &self, + _message: &[u8], + _cert: &rustls::pki_types::CertificateDer<'_>, + _dss: &rustls::DigitallySignedStruct, + ) -> Result + { + Ok(rustls::client::danger::HandshakeSignatureValid::assertion()) + } + + fn supported_verify_schemes(&self) -> Vec { + vec![ + rustls::SignatureScheme::RSA_PKCS1_SHA1, + rustls::SignatureScheme::ECDSA_SHA1_Legacy, + rustls::SignatureScheme::RSA_PKCS1_SHA256, + rustls::SignatureScheme::ECDSA_NISTP256_SHA256, + rustls::SignatureScheme::RSA_PKCS1_SHA384, + rustls::SignatureScheme::ECDSA_NISTP384_SHA384, + rustls::SignatureScheme::RSA_PKCS1_SHA512, + rustls::SignatureScheme::ECDSA_NISTP521_SHA512, + rustls::SignatureScheme::RSA_PSS_SHA256, + rustls::SignatureScheme::RSA_PSS_SHA384, + 
rustls::SignatureScheme::RSA_PSS_SHA512, + rustls::SignatureScheme::ED25519, + rustls::SignatureScheme::ED448, + ] + } } let mut cfg = rustls::ClientConfig::builder() - .with_safe_defaults() + .dangerous() .with_custom_certificate_verifier(Arc::new(Verifier)) .with_no_client_auth(); cfg.enable_early_data = true; - quinn::ClientConfig::new(Arc::new(cfg)) + quinn::ClientConfig::new(Arc::new( + quinn::crypto::rustls::QuicClientConfig::try_from(cfg).unwrap(), + )) }; addr::try_connect(network, &hostname, override_port, prefer_ipv6, |a| { diff --git a/network/src/channel.rs b/network/src/channel.rs index b427cb7261..bf50193bd1 100644 --- a/network/src/channel.rs +++ b/network/src/channel.rs @@ -339,7 +339,7 @@ impl Protocols { // a reverse DNS lookup let connect_addr = ConnectAddr::Quic( addr, - quinn::ClientConfig::with_native_roots(), + quinn::ClientConfig::with_platform_verifier(), "TODO_remote_hostname".to_string(), ); let _ = c2s_protocol_s.send((quic, connect_addr, cid)); diff --git a/network/tests/helper.rs b/network/tests/helper.rs index fad523edca..9756bb99bc 100644 --- a/network/tests/helper.rs +++ b/network/tests/helper.rs @@ -1,4 +1,5 @@ use lazy_static::*; +use rustls::pki_types::{PrivateKeyDer, PrivatePkcs8KeyDer}; use std::{ net::{Ipv4Addr, SocketAddr}, sync::{ 
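Review bot: The three new `ServerCertVerifier` methods in the `validate_tls == false` branch disable more than the warning above them says: `verify_tls12_signature` and `verify_tls13_signature` return `HandshakeSignatureValid::assertion()` unconditionally, so the CertificateVerify signature is never checked and the peer no longer has to prove it holds the key for the certificate it presents, while `supported_verify_schemes` advertises `RSA_PKCS1_SHA1` and `ECDSA_SHA1_Legacy`, which the default builder would never offer. Skipping the identity check is the documented intent of this path, but the signature checks and the scheme list can be delegated to the crypto provider so that only `verify_server_cert` is relaxed, which also drops the hand-maintained scheme list. `rustls::crypto::ring::default_provider()` needs rustls's `ring` feature, which Cargo.lock shows enabled (presumably via quinn) but the workspace manifest does not request explicitly. Separately, `QuicClientConfig::try_from(cfg).unwrap()` panics inside a function that already returns `Result`; if its error type can carry the message, `.map_err(..)?` is preferable to a panic on a connect path.
```rust
#[derive(Debug)]
struct Verifier(Arc<rustls::crypto::CryptoProvider>);
impl rustls::client::danger::ServerCertVerifier for Verifier {
    // … unchanged: verify_server_cert (identity check deliberately skipped) …

    fn verify_tls12_signature(
        &self,
        message: &[u8],
        cert: &rustls::pki_types::CertificateDer<'_>,
        dss: &rustls::DigitallySignedStruct,
    ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
        // Still require the peer to prove possession of the presented key.
        rustls::crypto::verify_tls12_signature(
            message,
            cert,
            dss,
            &self.0.signature_verification_algorithms,
        )
    }

    fn verify_tls13_signature(
        &self,
        message: &[u8],
        cert: &rustls::pki_types::CertificateDer<'_>,
        dss: &rustls::DigitallySignedStruct,
    ) -> Result<rustls::client::danger::HandshakeSignatureValid, rustls::Error> {
        rustls::crypto::verify_tls13_signature(
            message,
            cert,
            dss,
            &self.0.signature_verification_algorithms,
        )
    }

    fn supported_verify_schemes(&self) -> Vec<rustls::SignatureScheme> {
        // Offer exactly what the provider can verify; no SHA-1 schemes.
        self.0.signature_verification_algorithms.supported_schemes()
    }
}
// … unchanged: builder chain …
.with_custom_certificate_verifier(Arc::new(Verifier(Arc::new(
    rustls::crypto::ring::default_provider(),
))))
```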
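Review bot: Switching the `ConnectAddr::Quic` construction to `with_platform_verifier()` makes the server name passed beside it, the `"TODO_remote_hostname"` placeholder on the next line, security-relevant: the platform verifier checks the certificate's names against that string, so this path cannot verify any real certificate (as it presumably already could not with `with_native_roots()`). Until the real hostname is threaded through, a comment such as `// FIXME: verification cannot succeed until the peer's hostname is known here; do not "fix" with a permissive verifier` on the placeholder line would keep the next person from relaxing the verifier instead. The enclosing function starts and ends outside the hunk.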
@@ -108,15 +109,16 @@ pub fn quic() -> (ListenAddr, ConnectAddr) { let key = cert.key_pair.serialize_der(); let cert = cert.cert.der(); - let key = rustls::PrivateKey(key); - let cert = rustls::Certificate((*cert).to_vec()); + let key = PrivateKeyDer::from(PrivatePkcs8KeyDer::from(key)); let mut root_store = rustls::RootCertStore::empty(); - root_store.add(&cert).expect("cannot add cert to rootstore"); + root_store + .add(cert.clone()) + .expect("cannot add cert to rootstore"); - let server_config = quinn::ServerConfig::with_single_cert(vec![cert], key) + let server_config = quinn::ServerConfig::with_single_cert(vec![cert.clone()], key) .expect("Server Config Cert/Key failed"); - let client_config = quinn::ClientConfig::with_root_certificates(root_store); + let client_config = quinn::ClientConfig::with_root_certificates(Arc::new(root_store)).unwrap(); use std::net::IpAddr; ( ListenAddr::Quic( diff --git a/server-cli/Cargo.toml b/server-cli/Cargo.toml index 54b4f47ba6..ca5f98cb2e 100644 --- a/server-cli/Cargo.toml +++ b/server-cli/Cargo.toml @@ -58,4 +58,4 @@ prometheus = { workspace = true } chrono = { workspace = true } [target.'cfg(windows)'.dependencies] -mimalloc = "0.1.29" \ No newline at end of file +mimalloc = "0.1.29" diff --git a/server/src/lib.rs b/server/src/lib.rs index bb11b82b36..0788fe3c25 100644 --- a/server/src/lib.rs +++ b/server/src/lib.rs @@ -111,6 +111,7 @@ use persistence::{ character_updater::CharacterUpdater, }; use prometheus::Registry; +use rustls::pki_types::{CertificateDer, PrivateKeyDer}; use specs::{ shred::SendDispatcher, Builder, Entity as EcsEntity, Entity, Join, LendJoin, WorldExt, }; 
@@ -549,14 +550,14 @@ impl Server { match || -> Result<_, Box> { let key = fs::read(key_file_path)?; let key = if key_file_path.extension().map_or(false, |x| x == "der") { - rustls::PrivateKey(key) + PrivateKeyDer::try_from(key).map_err(|_| "No valid pem key in file")? } else { debug!("convert pem key to der"); - let key = rustls_pemfile::read_all(&mut key.as_slice()) + rustls_pemfile::read_all(&mut key.as_slice()) .find_map(|item| match item { - Ok(Item::Pkcs1Key(v)) => Some(v.secret_pkcs1_der().into()), - Ok(Item::Pkcs8Key(v)) => Some(v.secret_pkcs8_der().into()), - Ok(Item::Sec1Key(_)) => None, + Ok(Item::Pkcs1Key(v)) => Some(PrivateKeyDer::Pkcs1(v)), + Ok(Item::Pkcs8Key(v)) => Some(PrivateKeyDer::Pkcs8(v)), + Ok(Item::Sec1Key(v)) => Some(PrivateKeyDer::Sec1(v)), Ok(Item::Crl(_)) => None, Ok(Item::Csr(_)) => None, Ok(Item::X509Certificate(_)) => None, @@ -566,18 +567,17 @@ impl Server { None }, }) - .ok_or("No valid pem key in file")?; - rustls::PrivateKey(key) + .ok_or("No valid pem key in file")? }; let cert_chain = fs::read(cert_file_path)?; let cert_chain = if cert_file_path.extension().map_or(false, |x| x == "der") { - vec![rustls::Certificate(cert_chain)] + vec![CertificateDer::from(cert_chain)] } else { debug!("convert pem cert to der"); rustls_pemfile::certs(&mut cert_chain.as_slice()) .filter_map(|item| match item { - Ok(cert) => Some(rustls::Certificate(cert.to_vec())), + Ok(cert) => Some(cert), Err(e) => { tracing::warn!(?e, "error while reading cert_file"); None
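Review bot: The error produced on the DER branch, `.map_err(|_| "No valid pem key in file")?`, is misleading: that branch is taken only when the key file has a `.der` extension, and the discarded error from `PrivateKeyDer::try_from` already names what was tried (PKCS#1, PKCS#8, SEC1, if I recall the pki-types API correctly). Something like `.map_err(|e| format!("no valid DER private key in file: {e}"))?` keeps it distinct from the PEM branch's `"No valid pem key in file"` and preserves the parser's detail, assuming the closure's boxed error type accepts a `String` as the PEM branch's `&str` suggests. The closure and the `match` around it start and end outside the hunk.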