diff --git a/Network/TLS/Extra/Certificate.hs b/Network/TLS/Extra/Certificate.hs
--- a/Network/TLS/Extra/Certificate.hs
+++ b/Network/TLS/Extra/Certificate.hs
@@ -23,10 +23,9 @@
 
 -- for signing/verifying certificate
 import qualified Crypto.Hash.SHA1 as SHA1
-import qualified Crypto.Hash.MD2 as MD2
-import qualified Crypto.Hash.MD5 as MD5
-import qualified Crypto.Cipher.RSA as RSA
-import qualified Crypto.Cipher.DSA as DSA
+import qualified Crypto.PubKey.HashDescr as HD
+import qualified Crypto.PubKey.RSA.PKCS15 as RSA
+import qualified Crypto.PubKey.DSA as DSA
 
 import Data.CertificateStore
 import Data.Certificate.X509.Cert (oidCommonName)
@@ -110,15 +109,12 @@
 -- | verify a certificate against another one.
 -- the first certificate need to be signed by the second one for this function to succeed.
 certificateVerifyAgainst :: X509 -> X509 -> IO Bool
-certificateVerifyAgainst ux509@(X509 _ _ _ sigalg sig) (X509 scert _ _ _ _) = do
-	let f = verifyF sigalg pk
-	case f udata esig of
-		Right True -> return True
-		_          -> return False
-	where
-		udata = B.concat $ L.toChunks $ getSigningData ux509
-		esig  = B.pack sig
-		pk    = certPubKey scert
+certificateVerifyAgainst ux509@(X509 _ _ _ sigalg sig) (X509 scert _ _ _ _) =
+    return $ (verifyF sigalg pk) udata esig
+    where
+        udata = B.concat $ L.toChunks $ getSigningData ux509
+        esig  = B.pack sig
+        pk    = certPubKey scert
 
 -- | Is this certificate self signed?
 certificateSelfSigned :: X509 -> Bool
@@ -128,7 +124,7 @@
 certMatchDN (X509 testedCert _ _ _ _) (X509 issuerCert _ _ _ _) =
 	certSubjectDN issuerCert == certIssuerDN testedCert
 
-verifyF :: SignatureALG -> PubKey -> B.ByteString -> B.ByteString -> Either String Bool
+verifyF :: SignatureALG -> PubKey -> B.ByteString -> B.ByteString -> Bool
 
 -- md[245]WithRSAEncryption:
 --
@@ -137,23 +133,15 @@
 --   md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 }
 --   md4WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 3 }
 --   md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 }
-verifyF (SignatureALG HashMD2 PubKeyALG_RSA) (PubKeyRSA rsak) = rsaVerify MD2.hash asn1 rsak
-	where asn1 = "\x30\x20\x30\x0c\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x05\x05\x00\x02\x10"
-
-verifyF (SignatureALG HashMD5 PubKeyALG_RSA) (PubKeyRSA rsak) = rsaVerify MD5.hash asn1 rsak
-	where asn1 = "\x30\x20\x30\x0c\x06\x08\x2a\x86\x48\x86\xf7\x0d\x02\x05\x05\x00\x04\x10"
-
-verifyF (SignatureALG HashSHA1 PubKeyALG_RSA) (PubKeyRSA rsak) = rsaVerify SHA1.hash asn1 rsak
-	where asn1 = "\x30\x21\x30\x09\x06\x05\x2b\x0e\x03\x02\x1a\x05\x00\x04\x14"
-
+verifyF (SignatureALG HashMD2 PubKeyALG_RSA) (PubKeyRSA rsak) = RSA.verify HD.hashDescrMD2 rsak
+verifyF (SignatureALG HashMD5 PubKeyALG_RSA) (PubKeyRSA rsak) = RSA.verify HD.hashDescrMD5 rsak
+verifyF (SignatureALG HashSHA1 PubKeyALG_RSA) (PubKeyRSA rsak) = RSA.verify HD.hashDescrSHA1 rsak
 verifyF (SignatureALG HashSHA1 PubKeyALG_DSA) (PubKeyDSA dsak) = dsaSHA1Verify dsak
 			
-verifyF _ _ = (\_ _ -> Left "unexpected/wrong signature")
+verifyF _ _ = \_ _ -> False
 
-dsaSHA1Verify pk _ b = either (Left . show) (Right) $ DSA.verify asig SHA1.hash pk b
+dsaSHA1Verify pk _ b = DSA.verify SHA1.hash pk asig b
 	where asig = (0,0) {- FIXME : need to work out how to get R/S from the bytestring a -}
-
-rsaVerify h hdesc pk a b = either (Left . show) (Right) $ RSA.verify h hdesc pk a b
 
 -- | Verify that the given certificate chain is application to the given fully qualified host name.
 certificateVerifyDomain :: String -> [X509] -> CertificateUsage
diff --git a/Network/TLS/Extra/Cipher.hs b/Network/TLS/Extra/Cipher.hs
--- a/Network/TLS/Extra/Cipher.hs
+++ b/Network/TLS/Extra/Cipher.hs
@@ -26,21 +26,18 @@
 	, cipher_AES256_SHA256
 	) where
 
-import qualified Data.Vector.Unboxed as Vector (fromList, toList)
 import qualified Data.ByteString as B
 
 import Network.TLS (Version(..))
 import Network.TLS.Cipher
-import qualified Crypto.Cipher.RC4 as RC4
+import qualified "cipher-rc4" Crypto.Cipher.RC4 as RC4
 
 import qualified Crypto.Hash.SHA256 as SHA256
 import qualified Crypto.Hash.SHA1 as SHA1
 import qualified Crypto.Hash.MD5 as MD5
 
-#ifdef CIPHER_AES
 import qualified "cipher-aes" Crypto.Cipher.AES as AES
 
-
 aes_cbc_encrypt :: Key -> IV -> B.ByteString -> B.ByteString
 aes_cbc_encrypt key iv d = AES.encryptCBC (AES.initKey key) (AES.IV iv) d
 
@@ -52,44 +49,20 @@
 aes256_cbc_encrypt = aes_cbc_encrypt
 aes256_cbc_decrypt = aes_cbc_decrypt
 
-#else
-import qualified "cryptocipher" Crypto.Cipher.AES as AES
-
-aes128_cbc_encrypt :: Key -> IV -> B.ByteString -> B.ByteString
-aes128_cbc_encrypt key iv d = AES.encryptCBC pkey iv d
-	where (Right pkey) = AES.initKey128 key
-
-aes128_cbc_decrypt :: Key -> IV -> B.ByteString -> B.ByteString
-aes128_cbc_decrypt key iv d = AES.decryptCBC pkey iv d
-	where (Right pkey) = AES.initKey128 key
-
-aes256_cbc_encrypt :: Key -> IV -> B.ByteString -> B.ByteString
-aes256_cbc_encrypt key iv d = AES.encryptCBC pkey iv d
-	where (Right pkey) = AES.initKey256 key
-
-aes256_cbc_decrypt :: Key -> IV -> B.ByteString -> B.ByteString
-aes256_cbc_decrypt key iv d = AES.decryptCBC pkey iv d
-	where (Right pkey) = AES.initKey256 key
-
-#endif
-
 toIV :: RC4.Ctx -> IV
-toIV (v, x, y) = B.pack (x : y : Vector.toList v)
+toIV (RC4.Ctx ctx) = ctx
 
 toCtx :: IV -> RC4.Ctx
-toCtx iv =
-	case B.unpack iv of
-		x:y:l -> (Vector.fromList l, x, y)
-		_     -> (Vector.fromList [], 0, 0)
+toCtx iv = RC4.Ctx iv
 
 initF_rc4 :: Key -> IV
-initF_rc4 key     = toIV $ RC4.initCtx (B.unpack key)
+initF_rc4 key     = toIV $ RC4.initCtx key
 
 encryptF_rc4 :: IV -> B.ByteString -> (B.ByteString, IV)
-encryptF_rc4 iv d = (\(ctx, e) -> (e, toIV ctx)) $ RC4.encrypt (toCtx iv) d
+encryptF_rc4 iv d = (\(ctx, e) -> (e, toIV ctx)) $ RC4.combine (toCtx iv) d
 
 decryptF_rc4 :: IV -> B.ByteString -> (B.ByteString, IV)
-decryptF_rc4 iv e = (\(ctx, d) -> (d, toIV ctx)) $ RC4.decrypt (toCtx iv) e
+decryptF_rc4 iv e = (\(ctx, d) -> (d, toIV ctx)) $ RC4.combine (toCtx iv) e
 
 
 -- | all encrypted ciphers supported ordered from strong to weak.
diff --git a/Network/TLS/Extra/Connection.hs b/Network/TLS/Extra/Connection.hs
--- a/Network/TLS/Extra/Connection.hs
+++ b/Network/TLS/Extra/Connection.hs
@@ -9,7 +9,7 @@
 	( connectionClient
 	) where
 
-import Crypto.Random
+import Crypto.Random.API
 import Control.Applicative ((<$>))
 import Control.Exception
 import Data.Char
@@ -33,7 +33,7 @@
 --
 -- will make a new RNG (using system entropy) and connect to IP 192.168.2.2
 -- on port 7777.
-connectionClient :: CryptoRandomGen g => String -> String -> TLSParams -> g -> IO Context
+connectionClient :: CPRG g => String -> String -> TLSParams -> g -> IO Context
 connectionClient s p params rng = do
 	pn <- if and $ map isDigit $ p
 		then return $ fromIntegral $ (read p :: Int)
diff --git a/tls-extra.cabal b/tls-extra.cabal
--- a/tls-extra.cabal
+++ b/tls-extra.cabal
@@ -1,5 +1,5 @@
 Name:                tls-extra
-Version:             0.5.1
+Version:             0.6.0
 Description:
    a set of extra definitions, default values and helpers for tls.
 License:             BSD3
@@ -24,15 +24,17 @@
 
 Library
   Build-Depends:     base > 3 && < 5
-                   , tls >= 1.0.0 && < 1.1.0
+                   , tls >= 1.1.0 && < 1.2.0
                    , mtl
                    , network >= 2.3
                    , cryptohash >= 0.6
                    , bytestring
                    , vector
-                   , crypto-api >= 0.5
-                   , cryptocipher >= 0.3.0 && < 0.4.0
+                   , cipher-rc4
+                   , cipher-aes >= 0.1 && < 0.2
                    , certificate >= 1.3.0 && < 1.4.0
+                   , crypto-pubkey
+                   , crypto-random-api
                    , pem >= 0.1.0 && < 0.2.0
                    , text >= 0.5 && < 1.0
                    , time
@@ -46,9 +48,6 @@
   ghc-options:       -Wall -fno-warn-missing-signatures
   if os(windows)
     cpp-options:     -DNOCERTVERIFY
-  if os(linux) && flag(fastaes) && (arch(i386) || arch(x86_64))
-    cpp-options:     -DCIPHER_AES
-    Build-Depends:   cipher-aes >= 0.1 && < 0.2
 
 executable           Tests
   Main-is:           Tests.hs
@@ -63,7 +62,7 @@
     Buildable:       False
   if os(windows)
     cpp-options:     -DNOCERTVERIFY
-  if os(linux) && flag(fastaes)
+  if flag(fastaes)
     cpp-options:     -DCIPHER_AES
     Build-Depends:   cipher-aes >= 0.1 && < 0.2
 
