diff --git a/Changelog.md b/Changelog.md
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,3 +1,8 @@
+## 0.6.3
+
+- bump stack dependencies
+- fix Content-Length header for encoded HTTP responses in reverse proxy mode
+
 ## 0.6.2
 
 - fixes to improve ssltest result
diff --git a/hprox.cabal b/hprox.cabal
--- a/hprox.cabal
+++ b/hprox.cabal
@@ -5,7 +5,7 @@
 -- see: https://github.com/sol/hpack
 
 name:           hprox
-version:        0.6.2
+version:        0.6.3
 synopsis:       a lightweight HTTP proxy server, and more
 description:    Please see the README on GitHub at <https://github.com/bjin/hprox#readme>
 category:       Web
@@ -67,7 +67,7 @@
     , fast-logger >=3.0
     , http-client >=0.5
     , http-client-tls >=0.3.4
-    , http-reverse-proxy >=0.6.0.2
+    , http-reverse-proxy >=0.6.0.3
     , http-types >=0.12
     , http2 >=4.0
     , optparse-applicative >=0.14
diff --git a/src/Network/HProx.hs b/src/Network/HProx.hs
--- a/src/Network/HProx.hs
+++ b/src/Network/HProx.hs
@@ -21,7 +21,7 @@
 import Data.ByteString.Char8       qualified as BS8
 import Data.Default.Class          (def)
 import Data.HashMap.Strict         qualified as HM
-import Data.List                   (elemIndex, elemIndices, find, isSuffixOf, sortOn, (\\))
+import Data.List                   (elemIndex, elemIndices, isSuffixOf, sortOn)
 import Data.List.NonEmpty          (NonEmpty(..))
 import Data.Ord                    (Down(..))
 import Data.String                 (fromString)
@@ -29,7 +29,6 @@
 import Network.HTTP.Client.TLS     (newTlsManager)
 import Network.HTTP.Types          qualified as HT
 import Network.TLS                 qualified as TLS
-import Network.TLS.Extra.Cipher    qualified as TLS
 import Network.TLS.SessionManager  qualified as SM
 import Network.Wai                 (Application, rawPathInfo)
 import Network.Wai.Handler.Warp
@@ -37,7 +36,7 @@
     setLogger, setNoParsePath, setOnException, setPort, setServerName)
 import Network.Wai.Handler.WarpTLS
     (OnInsecure(..), WarpTLSException, defaultTlsSettings, onInsecure, runTLS, tlsAllowedVersions,
-    tlsCiphers, tlsCredentials, tlsServerHooks, tlsSessionManager)
+    tlsCredentials, tlsServerHooks, tlsSessionManager)
 
 import Control.Exception    (Exception(..))
 import GHC.IO.Exception     (IOErrorType(..))
@@ -46,6 +45,7 @@
 
 #ifdef QUIC_ENABLED
 import Control.Concurrent.Async     (mapConcurrently_)
+import Data.List                    (find)
 import Network.QUIC                 qualified as Q
 import Network.QUIC.Internal        qualified as Q
 import Network.Wai.Handler.Warp     (setAltSvc)
@@ -320,7 +320,6 @@
     -> IO ()
 run fallback Config{..} = withLogger (getLoggerType _log) _loglevel $ \logger -> do
     logger INFO $ "hprox " <> toLogStr (showVersion version) <> " started"
-    logger INFO $ "bind to TCP port " <> toLogStr (fromMaybe "[::]" _bind) <> ":" <> toLogStr _port
 
     let certfiles = _ssl
 
@@ -354,9 +353,10 @@
 #elif defined(QUIC_ENABLED)
             case (dropped, _quic) of
                 (True, Just qport) | qport < 1024 -> logger ERROR $ "dropping root priviledge will likely break QUIC connection over UDP port " <> toLogStr (show qport)
+                (True, _) -> logger INFO "root priviledge dropped"
                 _ -> return ()
 #else
-            return ()
+            when dropped $ logger INFO "root priviledge dropped"
 #endif
 #endif
 
@@ -381,24 +381,11 @@
             | otherwise                           =
                 logger TRACE $ "(" <> toLogStr (HT.statusCode status) <> ") " <> logRequest req
 
-        -- https://www.ssllabs.com/ssltest
-        -- https://github.com/haskell-tls/hs-tls/blob/master/core/Network/TLS/Extra/Cipher.hs
-        weak_ciphers = [ TLS.cipher_ECDHE_RSA_AES256CBC_SHA384
-                       , TLS.cipher_ECDHE_RSA_AES256CBC_SHA
-                       , TLS.cipher_AES256CCM_SHA256
-                       , TLS.cipher_AES256GCM_SHA384
-                       , TLS.cipher_AES256_SHA256
-                       , TLS.cipher_AES256_SHA1
-                       , TLS.cipher_ECDHE_ECDSA_AES256CBC_SHA384
-                       , TLS.cipher_ECDHE_ECDSA_AES256CBC_SHA
-                       ]
-
         tlsset = defaultTlsSettings
             { tlsServerHooks     = def { TLS.onServerNameIndication = onSNI }
             , tlsCredentials     = Just (TLS.Credentials [head certs])
             , onInsecure         = AllowInsecure
             , tlsAllowedVersions = [TLS.TLS13, TLS.TLS12]
-            , tlsCiphers         = TLS.ciphersuite_strong \\ weak_ciphers
             , tlsSessionManager  = Just smgr
             }
 
@@ -422,7 +409,6 @@
             { Q.scAddresses      = [(fromString (fromMaybe "0.0.0.0" _bind), fromIntegral qport)]
             , Q.scVersions       = [Q.Version1, Q.Version2]
             , Q.scCredentials    = TLS.Credentials [head certs]
-            , Q.scCiphers        = Q.scCiphers Q.defaultServerConfig \\ weak_ciphers
             , Q.scALPN           = Just alpn
             , Q.scTlsHooks       = def { TLS.onServerNameIndication = onSNI }
             , Q.scUse0RTT        = True
@@ -482,6 +468,7 @@
     unless (null revSorted) $ logger INFO $ "reverse proxy: " <> toLogStr (show revSorted)
     forM_ _doh $ \doh -> logger INFO $ "DNS-over-HTTPS redirect: " <> toLogStr doh
 
+    logger INFO $ "bind to TCP port " <> toLogStr (fromMaybe "[::]" _bind) <> ":" <> toLogStr _port
     case _doh of
         Nothing  -> runner proxy
         Just doh -> createResolver doh (\resolver -> runner (dnsOverHTTPS resolver proxy))
