diff --git a/Network/Secure/Connection.hs b/Network/Secure/Connection.hs
--- a/Network/Secure/Connection.hs
+++ b/Network/Secure/Connection.hs
@@ -20,7 +20,7 @@
 import Prelude hiding (read)
 
 import Control.Applicative ((<$>))
-import Control.Exception (IOException, bracketOnError, onException, try)
+import Control.Exception (IOException, bracketOnError, onException)
 import Control.Monad (liftM, unless)
 import Data.ByteString (ByteString)
 import Data.Maybe (fromJust)
@@ -70,13 +70,13 @@
 -- 'PeerIdentity'.
 connect :: LocalIdentity -> [PeerIdentity] -> (HostName, ServiceName)
         -> IO Connection
-connect myId peerIds (host, port) = bracketOnError newSock sClose tryConnect
-  where
-    tryConnect sock = do
+connect myId peerIds (host, port) =
+  do info <- getSockAddr (Just host) port
+     bracketOnError (newSock info) sClose $ \sock -> do
         setSocketOption sock ReuseAddr 1
-        addr <- getSockAddr (Just host) port
-        Network.Socket.connect sock addr
-        connectSSL myId peerIds False sock
+        Network.Socket.connect sock (addrAddress info)
+        r <- connectSSL myId peerIds False sock
+        return r
 
 -- |Read at most 'n' bytes from the given connection.
 read :: Connection -> Int -> IO ByteString
@@ -105,10 +105,10 @@
 newServer :: (Maybe HostName, ServiceName)
           -> IO Network.Secure.Connection.Socket
 newServer (host, port) = do
-    addr <- getSockAddr host port
-    sock <- newSock
+    info <- getSockAddr host port
+    sock <- newSock info
     setSocketOption sock ReuseAddr 1
-    bindSocket sock addr
+    bindSocket sock (addrAddress info)
     listen sock 10
     return $ S sock
 
@@ -121,11 +121,13 @@
   sock <- fst <$> Network.Socket.accept (unSocket listenSock)
   connectSSL myId peerIds True sock
 
-getSockAddr :: Maybe HostName -> ServiceName -> IO SockAddr
+getSockAddr :: Maybe HostName -> ServiceName -> IO Network.Socket.AddrInfo
 getSockAddr hn sn = do
-    let hints = defaultHints { addrFlags = [AI_PASSIVE, AI_ADDRCONFIG] }
+    let hints = defaultHints { addrFlags = [AI_PASSIVE, AI_ADDRCONFIG]
+                             , addrSocketType = Stream
+                             }
     info <- getAddrInfo (Just hints) hn (Just sn)
-    return . addrAddress . head $ info
+    return (head info)
 
 connectSSL :: LocalIdentity -> [PeerIdentity] -> Bool -> Network.Socket.Socket
            -> IO Connection
@@ -150,8 +152,8 @@
                then OpenSSL.Session.accept
                else OpenSSL.Session.connect
 
-newSock :: IO Network.Socket.Socket
-newSock = socket AF_INET Stream defaultProtocol
+newSock :: Network.Socket.AddrInfo -> IO Network.Socket.Socket
+newSock i = socket (addrFamily i) (addrSocketType i) (addrProtocol i)
 
 newSSLContext :: LocalIdentity -> [PeerIdentity] -> IO SSLContext
 newSSLContext localId validCerts = do
diff --git a/Network/Secure/Identity.hs b/Network/Secure/Identity.hs
--- a/Network/Secure/Identity.hs
+++ b/Network/Secure/Identity.hs
@@ -18,9 +18,9 @@
 import Control.Monad (when)
 import Control.Monad.IO.Class (MonadIO, liftIO)
 import Data.ByteString (ByteString, append, hPut)
+import qualified Data.ByteString as BS
 import Data.ByteString.Char8 (pack, unpack)
 import Data.Maybe (fromJust, isNothing)
-import HSH
 import OpenSSL.EVP.PKey (toKeyPair)
 import OpenSSL.PEM (PemPasswordSupply(PwNone), readPrivateKey,
                     writePKCS8PrivateKey, readX509, writeX509)
@@ -31,6 +31,8 @@
 import System.Directory (getTemporaryDirectory, removeFile)
 import System.IO (openBinaryTempFile, hFlush)
 import System.IO.Unsafe (unsafePerformIO)
+import System.Process(runInteractiveProcess,waitForProcess)
+import System.Exit(ExitCode(..))
 
 -- |An identity, public or private.
 class Identity a where
@@ -130,11 +132,22 @@
   where
     mkKeyFile = getTemporaryDirectory >>= flip openBinaryTempFile "key.pem"
     rmKeyFile = removeFile . fst
-    genKey = "openssl genrsa 4096 2>/dev/null"
+    genKey    = ("openssl", ["genrsa", "4096"])
     genCert p = ("openssl", ["req", "-batch", "-new", "-x509",
                              "-key", p, "-nodes",
                              "-subj", "/CN=" ++ commonName,
                              "-days", show days])
+
+run :: (String,[String]) -> IO ByteString
+run (x,xs) =
+  do (_,o,_,h) <- runInteractiveProcess x xs Nothing Nothing
+     s   <- BS.hGetContents o
+     res <- waitForProcess h
+     case res of
+       ExitSuccess   -> return s
+       ExitFailure n -> fail ("External program failed with " ++ show n)
+
+
 
 certMatchesKey :: X509 -> RSAKeyPair -> IO Bool
 certMatchesKey cert key = do
diff --git a/secure-sockets.cabal b/secure-sockets.cabal
--- a/secure-sockets.cabal
+++ b/secure-sockets.cabal
@@ -1,5 +1,5 @@
 Name:                secure-sockets
-Version:             1.2.4
+Version:             1.2.5
 Synopsis:            Secure point-to-point connectivity library
 Description:
     This library simplifies the task of securely connecting two
@@ -22,11 +22,11 @@
                        Network.Secure.Connection
   Build-depends:       base ==4.*,
                        bytestring ==0.9.*,
-                       directory ==1.0.*,
-                       HSH ==2.0.*,
+                       directory,
                        HsOpenSSL >=0.10.2,
                        network ==2.*,
-                       transformers ==0.2.*
+                       transformers ==0.2.*,
+                       process
   ghc-prof-options:    -auto-all
   ghc-options:         -Wall -funbox-strict-fields -fwarn-tabs
 
