diff --git a/CHANGELOG.md b/CHANGELOG.md
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,9 +1,11 @@
 See also http://pvp.haskell.org/faq
 
+### 0.1.6.1
+
+* Build with GHC 9.2 and `ghc-prim-0.8` (via `base-4.16`).
+
 ### 0.1.6.0
 
-* New function `voidContextSSL` for creating a _void_ SSL Context which rejects any TLS handshake attempts
-* New function `contextSetCASystemStore` exposing functionality embedded in `baselineContextSSL`
 * New function `openConnectionAddress''` supporting supplying local `SSLContext`s as well as modifying the `SSL` connection before initiating the client SSL handshake.
 * New function `openConnectionSSL'` which allows to customize the 'SSL' connection /before/ a client SSL handshake is attempted.
 * New convenience function `getContextSSL` function allowing to retrieve global `SSLContext`.
@@ -15,7 +17,7 @@
 ### 0.1.4.0
 
 * New module `Network.Http.Client.WebSocket` providing basic RFC6455 support.
-* New function 'inputStreamBodyChunked' supporting breaking up over-sized chunks.
+* New function `inputStreamBodyChunked` supporting breaking up over-sized chunks.
 
 ### 0.1.3.0
 
diff --git a/http-io-streams.cabal b/http-io-streams.cabal
--- a/http-io-streams.cabal
+++ b/http-io-streams.cabal
@@ -1,6 +1,6 @@
 cabal-version:       2.2
 name:                http-io-streams
-version:             0.1.6.0
+version:             0.1.6.1
 
 synopsis:            HTTP and WebSocket client based on io-streams
 description:
@@ -21,6 +21,20 @@
 bug-reports:         https://github.com/hvr/http-io-streams/issues
 extra-source-files:  CHANGELOG.md
 
+tested-with:
+  GHC == 9.2.2
+  GHC == 9.0.2
+  GHC == 8.10.7
+  GHC == 8.8.4
+  GHC == 8.6.5
+  GHC == 8.4.4
+  GHC == 8.2.2
+  GHC == 8.0.2
+  GHC == 7.10.3
+  GHC == 7.8.4
+  GHC == 7.6.3
+  GHC == 7.4.2
+
 source-repository    head
   type:              git
   location:          https://github.com/hvr/http-io-streams.git
@@ -37,13 +51,24 @@
 
 common settings
   build-depends:
-    , base                 >= 4.5 && < 4.15
+    , base                 >= 4.5 && < 4.17
     , blaze-builder       ^>= 0.4.1.0
-    , bytestring          ^>= 0.10.0.0
+    , bytestring           >= 0.10.0.0 && < 0.12
     , case-insensitive    ^>= 1.2.0.11
     , containers          ^>= 0.5.0.0 || ^>= 0.6.0.1
 
   default-language:  Haskell2010
+  other-extensions:
+    BangPatterns
+    CPP
+    DeriveDataTypeable
+    DoAndIfThenElse
+    MagicHash
+    NamedFieldPuns
+    OverloadedStrings
+    Rank2Types
+    RecordWildCards
+    UnboxedTuples
 
   ghc-options:
     -Wall
@@ -69,7 +94,7 @@
 
   build-depends:
     , HsOpenSSL           ^>= 0.11.2
-    , attoparsec          ^>= 0.13.2.2
+    , attoparsec          ^>= 0.13.2.2 || ^>= 0.14.4
     , binary              ^>= 0.7.1   || ^>= 0.8.3
     , cryptohash-sha1     ^>= 0.11.100
     , directory           ^>= 1.2.0.1 || ^>= 1.3.0.0
@@ -92,7 +117,7 @@
 
   -- http-common
   build-depends:
-    , base64-bytestring   ^>= 1.1.0.0
+    , base64-bytestring   ^>= 1.2.1.0
     , mtl                 ^>= 2.2.2
 
   hs-source-dirs: http-common/lib
diff --git a/http-streams/lib/Network/Http/Client.hs b/http-streams/lib/Network/Http/Client.hs
--- a/http-streams/lib/Network/Http/Client.hs
+++ b/http-streams/lib/Network/Http/Client.hs
@@ -177,8 +177,6 @@
     openConnectionSSL,
     openConnectionSSL',
     baselineContextSSL,
-    voidContextSSL,
-    contextSetCASystemStore,
     modifyContextSSL,
     getContextSSL,
     establishConnection,
diff --git a/http-streams/lib/Network/Http/Inconvenience.hs b/http-streams/lib/Network/Http/Inconvenience.hs
--- a/http-streams/lib/Network/Http/Inconvenience.hs
+++ b/http-streams/lib/Network/Http/Inconvenience.hs
@@ -28,8 +28,6 @@
     encodedFormBody,
     put,
     baselineContextSSL,
-    voidContextSSL,
-    contextSetCASystemStore,
     concatHandler',
     TooManyRedirects(..),
     HttpClientError(..),
@@ -64,7 +62,10 @@
 import qualified Data.Text.Encoding as T
 import Data.Typeable (Typeable)
 import Data.Word (Word16)
-import GHC.Exts (Int(..),word2Int#, uncheckedShiftRL#)
+import GHC.Exts (Int(..), word2Int#, uncheckedShiftRL#)
+#if MIN_VERSION_base(4,16,0)
+import GHC.Exts (word8ToWord#)
+#endif
 import GHC.Word (Word8 (..))
 import Network.URI (URI (..), URIAuth (..), isAbsoluteURI,
                     parseRelativeReference, parseURI, uriToString)
@@ -137,9 +138,11 @@
     toDigit   = c2w . intToDigit
     !low      = toDigit $ fromEnum $ c .&. 0xf
     !hi       = toDigit $ (c .&. 0xf0) `shiftr` 4
-
+#if MIN_VERSION_base(4,16,0)
+    shiftr (W8# a#) (I# b#) = I# (word2Int# (uncheckedShiftRL# (word8ToWord# a#) b#))
+#else
     shiftr (W8# a#) (I# b#) = I# (word2Int# (uncheckedShiftRL# a# b#))
-
+#endif
 
 urlEncodeTable :: Set Char
 urlEncodeTable = Set.fromList $! filter f $! map w2c [0..255]
@@ -399,7 +402,6 @@
 -- you are encouraged to install the system
 -- certificates somewhere and create your own 'SSLContext'.
 --
--- See also 'contextSetCASystemStore'
 {-
     We would like to turn certificate verification on for everyone, but
     this has proved contingent on leveraging platform specific mechanisms
@@ -410,66 +412,26 @@
 baselineContextSSL = withOpenSSL $ do
     ctx <- SSL.context
     SSL.contextSetDefaultCiphers ctx
-
-    caSet <- contextSetCASystemStore ctx
-    if caSet
-      then SSL.contextSetVerificationMode ctx (SSL.VerifyPeer True True Nothing)
-      else SSL.contextSetVerificationMode ctx SSL.VerifyNone
-
-    return ctx
-
--- | Construct a /void/ 'SSL.Context' in a configuration which uses
--- the @HIGH@ cipher-suite and rejects /any/ presented server
--- certificate.
---
--- This is mostly useful for testing purposes or intentionally
--- thwarting any attempt to connect to @https://@ uris.
---
--- @since 0.1.6.0
-voidContextSSL :: IO SSLContext
-voidContextSSL = do
-    ctx <- SSL.context
-    SSL.contextSetCiphers ctx "HIGH"
-    SSL.contextSetVerificationMode ctx (SSL.VerifyPeer True True (Just (\_ _ -> return False)))
-    return ctx
-    
--- | Configure system-wide certificate store based on OS-specific heuristics.
---
--- This function returns 'True' if the 'SSLContext' was configured; or
--- 'False' if the location couldn't be termined for the current OS.
---
--- This function is used by 'baselineContextSSL' but in contrast does
--- *not* invoke 'SSL.contextSetDefaultCiphers' nor
--- 'SSL.contextSetVerificationMode'. See source-code for details on
--- the heuristic used to determine the location of the system
--- certificate store.
---
--- @since 0.1.6.0
-contextSetCASystemStore :: SSLContext -> IO Bool
-contextSetCASystemStore ctx = do
 #if defined(darwin_HOST_OS)
-    return False
+    SSL.contextSetVerificationMode ctx SSL.VerifyNone
 #elif defined(mingw32_HOST_OS)
-    return False
+    SSL.contextSetVerificationMode ctx SSL.VerifyNone
 #elif defined(freebsd_HOST_OS)
     SSL.contextSetCAFile ctx "/usr/local/etc/ssl/cert.pem"
-    return True
+    SSL.contextSetVerificationMode ctx $ SSL.VerifyPeer True True Nothing
 #elif defined(openbsd_HOST_OS)
     SSL.contextSetCAFile ctx "/etc/ssl/cert.pem"
-    return True
+    SSL.contextSetVerificationMode ctx $ SSL.VerifyPeer True True Nothing
 #else
-    hasFedoraEtcPkiTls <- doesDirectoryExist "/etc/pki/tls"
-    if hasFedoraEtcPkiTls
-      then do
-        SSL.contextSetCAFile ctx "/etc/pki/tls/certs/ca-bundle.crt"
-        return True
-      else do
-        -- Setting this as fallback effectively will cause systems to
-        -- either fail to verify any certificates (if peer
-        -- verification is enabled) if the folder doesn't exist.
-        SSL.contextSetCADirectory ctx "/etc/ssl/certs"
-        return True
+    fedora <- doesDirectoryExist "/etc/pki/tls"
+    if fedora
+        then do
+            SSL.contextSetCAFile ctx "/etc/pki/tls/certs/ca-bundle.crt"
+        else do
+            SSL.contextSetCADirectory ctx "/etc/ssl/certs"
+    SSL.contextSetVerificationMode ctx $ SSL.VerifyPeer True True Nothing
 #endif
+    return ctx
 
 
 parseURL :: URL -> URI
