diff --git a/Network/Secure.hs b/Network/Secure.hs
--- a/Network/Secure.hs
+++ b/Network/Secure.hs
@@ -41,7 +41,9 @@
     , Connection
     , peer  
     , read
+    , readPtr
     , write
+    , writePtr
     , close
 
       -- ** Misc reexports from 'Network.Socket'
diff --git a/Network/Secure/Connection.hs b/Network/Secure/Connection.hs
--- a/Network/Secure/Connection.hs
+++ b/Network/Secure/Connection.hs
@@ -8,6 +8,8 @@
     , Network.Secure.Connection.connect
     , Network.Secure.Connection.read
     , Network.Secure.Connection.write
+    , Network.Secure.Connection.readPtr
+    , Network.Secure.Connection.writePtr
     , close
     
     , Network.Secure.Connection.Socket
@@ -28,12 +30,13 @@
                         contextSetCertificate, contextSetCiphers,
                         contextSetVerificationMode, contextGetCAStore,
                         getPeerCertificate, getVerifyResult, read, shutdown,
-                        write)
+                        write, readPtr, writePtr)
 import OpenSSL.X509 (compareX509)
 import OpenSSL.X509.Store (addCertToStore)
 import Network.Socket hiding (shutdown)
 
 import Network.Secure.Identity
+import Foreign.Ptr(Ptr)
 
 -- |An established authenticated connection to a peer. It is
 -- guaranteed that all Connection objects are with a known peer, and
@@ -67,11 +70,12 @@
 -- 'PeerIdentity'.
 connect :: LocalIdentity -> [PeerIdentity] -> (HostName, ServiceName)
         -> IO Connection
-connect myId peerIds (host, port) =
-  do info <- getSockAddr (Just host) port
-     bracketOnError (newSock info) sClose $ \sock -> do
+connect myId peerIds (host, port) = bracketOnError newSock sClose tryConnect
+  where
+    tryConnect sock = do
         setSocketOption sock ReuseAddr 1
-        Network.Socket.connect sock (addrAddress info)
+        addr <- getSockAddr (Just host) port
+        Network.Socket.connect sock addr
         connectSSL myId peerIds False sock
 
 -- |Read at most 'n' bytes from the given connection.
@@ -82,6 +86,14 @@
 write :: Connection -> ByteString -> IO ()
 write = OpenSSL.Session.write . ssl
 
+-- |Read at most 'n' bytes from the given connection, into the given raw buffer.
+readPtr :: Connection -> Ptr a -> Int -> IO Int
+readPtr c p n = OpenSSL.Session.readPtr (ssl c) p n
+
+-- |Send data from the given raw pointer to the connected peer.
+writePtr :: Connection -> Ptr a -> Int -> IO ()
+writePtr c p n = OpenSSL.Session.writePtr (ssl c) p n
+
 -- |Close the connection. No other operations on 'Connection's should
 -- be used after closing it.
 close :: Connection -> IO ()
@@ -93,10 +105,10 @@
 newServer :: (Maybe HostName, ServiceName)
           -> IO Network.Secure.Connection.Socket
 newServer (host, port) = do
-    info <- getSockAddr host port
-    sock <- newSock info
+    addr <- getSockAddr host port
+    sock <- newSock
     setSocketOption sock ReuseAddr 1
-    bindSocket sock (addrAddress info)
+    bindSocket sock addr
     listen sock 10
     return $ S sock
 
@@ -106,22 +118,14 @@
 accept :: LocalIdentity -> [PeerIdentity] -> Network.Secure.Connection.Socket 
        -> IO Connection
 accept myId peerIds listenSock = do
-    result <- try setup :: IO (Either IOException Connection)
-    case result of
-        Left _     -> Network.Secure.Connection.accept myId peerIds listenSock
-        Right conn -> return conn
-  where
-    setup = do
-        sock <- fst <$> Network.Socket.accept (unSocket listenSock)
-        connectSSL myId peerIds True sock
+  sock <- fst <$> Network.Socket.accept (unSocket listenSock)
+  connectSSL myId peerIds True sock
 
-getSockAddr :: Maybe HostName -> ServiceName -> IO Network.Socket.AddrInfo
+getSockAddr :: Maybe HostName -> ServiceName -> IO SockAddr
 getSockAddr hn sn = do
-    let hints = defaultHints { addrFlags = [AI_PASSIVE, AI_ADDRCONFIG]
-                             , addrSocketType = Stream
-                             }
+    let hints = defaultHints { addrFlags = [AI_PASSIVE, AI_ADDRCONFIG] }
     info <- getAddrInfo (Just hints) hn (Just sn)
-    return (head info)
+    return . addrAddress . head $ info
 
 connectSSL :: LocalIdentity -> [PeerIdentity] -> Bool -> Network.Socket.Socket
            -> IO Connection
@@ -146,8 +150,8 @@
                then OpenSSL.Session.accept
                else OpenSSL.Session.connect
 
-newSock :: Network.Socket.AddrInfo -> IO Network.Socket.Socket
-newSock i = socket (addrFamily i) (addrSocketType i) (addrProtocol i)
+newSock :: IO Network.Socket.Socket
+newSock = socket AF_INET Stream defaultProtocol
 
 newSSLContext :: LocalIdentity -> [PeerIdentity] -> IO SSLContext
 newSSLContext localId validCerts = do
@@ -155,7 +159,7 @@
     contextSetPrivateKey ctx (liKey localId)
     contextSetCertificate ctx (liX509 localId)
     contextSetCiphers ctx "AES256-SHA"
-    contextSetVerificationMode ctx $ VerifyPeer True False
+    contextSetVerificationMode ctx $ VerifyPeer True False Nothing
     store <- contextGetCAStore ctx
     mapM_ (addCertToStore store . piX509) validCerts
     return ctx
diff --git a/Network/Secure/Identity.hs b/Network/Secure/Identity.hs
--- a/Network/Secure/Identity.hs
+++ b/Network/Secure/Identity.hs
@@ -18,9 +18,9 @@
 import Control.Monad (when)
 import Control.Monad.IO.Class (MonadIO, liftIO)
 import Data.ByteString (ByteString, append, hPut)
-import qualified Data.ByteString as BS
 import Data.ByteString.Char8 (pack, unpack)
 import Data.Maybe (fromJust, isNothing)
+import HSH
 import OpenSSL.EVP.PKey (toKeyPair)
 import OpenSSL.PEM (PemPasswordSupply(PwNone), readPrivateKey,
                     writePKCS8PrivateKey, readX509, writeX509)
@@ -31,8 +31,6 @@
 import System.Directory (getTemporaryDirectory, removeFile)
 import System.IO (openBinaryTempFile, hFlush)
 import System.IO.Unsafe (unsafePerformIO)
-import System.Process(runInteractiveProcess,waitForProcess)
-import System.Exit(ExitCode(..))
 
 -- |An identity, public or private.
 class Identity a where
@@ -132,22 +130,11 @@
   where
     mkKeyFile = getTemporaryDirectory >>= flip openBinaryTempFile "key.pem"
     rmKeyFile = removeFile . fst
-    genKey    = ("openssl", ["genrsa", "4096"])
+    genKey = "openssl genrsa 4096 2>/dev/null"
     genCert p = ("openssl", ["req", "-batch", "-new", "-x509",
                              "-key", p, "-nodes",
                              "-subj", "/CN=" ++ commonName,
                              "-days", show days])
-
-run :: (String,[String]) -> IO ByteString
-run (x,xs) =
-  do (_,o,_,h) <- runInteractiveProcess x xs Nothing Nothing
-     s   <- BS.hGetContents o
-     res <- waitForProcess h
-     case res of
-       ExitSuccess   -> return s
-       ExitFailure n -> fail ("External program failed with " ++ show n)
-
-
 
 certMatchesKey :: X509 -> RSAKeyPair -> IO Bool
 certMatchesKey cert key = do
diff --git a/secure-sockets.cabal b/secure-sockets.cabal
--- a/secure-sockets.cabal
+++ b/secure-sockets.cabal
@@ -1,5 +1,5 @@
 Name:                secure-sockets
-Version:             1.2.3
+Version:             1.2.4
 Synopsis:            Secure point-to-point connectivity library
 Description:
     This library simplifies the task of securely connecting two
@@ -22,9 +22,9 @@
                        Network.Secure.Connection
   Build-depends:       base ==4.*,
                        bytestring ==0.9.*,
-                       directory >= 1,
-                       process >= 1 && < 2,
-                       HsOpenSSL >0.8 && <0.10,
+                       directory ==1.0.*,
+                       HSH ==2.0.*,
+                       HsOpenSSL >=0.10.2,
                        network ==2.*,
                        transformers ==0.2.*
   ghc-prof-options:    -auto-all
