diff --git a/Network/Wai/Handler/WarpTLS.hs b/Network/Wai/Handler/WarpTLS.hs
--- a/Network/Wai/Handler/WarpTLS.hs
+++ b/Network/Wai/Handler/WarpTLS.hs
@@ -33,18 +33,15 @@
 import qualified Data.Conduit.List as CL
 import Control.Exception (bracket, finally, handle)
 import qualified Network.TLS.Extra as TLSExtra
-import qualified Data.Certificate.X509 as X509
 import qualified Data.ByteString as B
-import qualified Data.Certificate.KeyRSA as KeyRSA
 import Data.Conduit.Network (bindPort)
-import Data.Either (rights)
 import Control.Applicative ((<$>))
-import qualified Data.PEM as PEM
 import Data.Conduit.Network (sourceSocket, sinkSocket, acceptSafe)
 import Data.Maybe (fromMaybe)
 import qualified Data.IORef as I
 import Control.Exception (Exception, throwIO)
 import Data.Typeable (Typeable)
+import Data.Default.Class
 import qualified Data.Conduit.Binary as CB
 #if MIN_VERSION_tls(1, 1, 3)
 import qualified Crypto.Random.AESCtr
@@ -100,7 +97,7 @@
     { certFile = "certificate.pem"
     , keyFile = "key.pem"
     , onInsecure = DenyInsecure "This server only accepts secure HTTPS connections."
-    , tlsLogging = TLS.defaultLogging
+    , tlsLogging = def
     , tlsAllowedVersions = [TLS.SSL3,TLS.TLS10,TLS.TLS11,TLS.TLS12]
     , tlsCiphers = ciphers
     }
@@ -109,16 +106,16 @@
 --   specified 'Socket'.
 runTLSSocket :: TLSSettings -> Settings -> Socket -> Application -> IO ()
 runTLSSocket TLSSettings {..} set sock app = do
-    certs   <- readCertificates certFile
-    pk      <- readPrivateKey keyFile
-    let params =
-            TLS.updateServerParams
-                (\sp -> sp { TLS.serverWantClientCert = False }) $
-            TLS.defaultParamsServer
-            { TLS.pAllowedVersions = tlsAllowedVersions
-            , TLS.pCiphers         = tlsCiphers
-            , TLS.pCertificates    = zip certs $ (Just pk):repeat Nothing
-            , TLS.pLogging         = tlsLogging
+    credential <- either error id <$> TLS.credentialLoadX509 certFile keyFile
+    let params = def
+            { TLS.serverWantClientCert = False
+            , TLS.serverSupported = def
+                { TLS.supportedVersions = tlsAllowedVersions
+                , TLS.supportedCiphers  = tlsCiphers
+                }
+            , TLS.serverShared = def
+                { TLS.sharedCredentials = TLS.Credentials [credential]
+                }
             }
     runSettingsConnectionMaker set (getter params) app
   where
@@ -149,6 +146,7 @@
                             }
                         params
                         gen
+                    TLS.contextHookSetLogging ctx tlsLogging
                     TLS.handshake ctx
                     buf <- allocateBuffer bufferSize
                     let conn = Connection
@@ -210,24 +208,3 @@
     , TLSExtra.cipher_RC4_128_MD5
     , TLSExtra.cipher_RC4_128_SHA1
     ]
-
-readCertificates :: FilePath -> IO [X509.X509]
-readCertificates filepath = do
-    certs <- rights . parseCerts . PEM.pemParseBS <$> B.readFile filepath
-    case certs of
-        []-> error "no valid certificate found"
-        x -> return x
-    where parseCerts (Right pems) = map (X509.decodeCertificate . L.fromChunks . (:[]) . PEM.pemContent)
-                                  $ filter (flip elem ["CERTIFICATE", "TRUSTED CERTIFICATE"] . PEM.pemName) pems
-          parseCerts (Left err) = error $ "cannot parse PEM file: " ++ err
-
-readPrivateKey :: FilePath -> IO TLS.PrivateKey
-readPrivateKey filepath = do
-    pk <- rights . parseKey . PEM.pemParseBS <$> B.readFile filepath
-    case pk of
-        []    -> error "no valid RSA key found"
-        (x:_) -> return x
-
-    where parseKey (Right pems) = map (fmap (TLS.PrivRSA . snd) . KeyRSA.decodePrivate . L.fromChunks . (:[]) . PEM.pemContent)
-                                $ filter ((== "RSA PRIVATE KEY") . PEM.pemName) pems
-          parseKey (Left err) = error $ "Cannot parse PEM file: " ++ err
diff --git a/warp-tls.cabal b/warp-tls.cabal
--- a/warp-tls.cabal
+++ b/warp-tls.cabal
@@ -1,5 +1,5 @@
 Name:                warp-tls
-Version:             2.0.1
+Version:             2.0.2
 Synopsis:            HTTP over SSL/TLS support for Warp via the TLS package
 License:             MIT
 License-file:        LICENSE
@@ -12,9 +12,6 @@
 Stability:           Stable
 Description:         HTTP over SSL/TLS support for Warp via the TLS package.
 
-flag tls_1_1_3
-    default: True
-
 Library
   Build-Depends:     base                          >= 4        && < 5
                    , bytestring                    >= 0.9
@@ -23,20 +20,10 @@
                    , transformers                  >= 0.2
                    , conduit                       >= 0.5      && < 1.1
                    , network-conduit               >= 0.6      && < 1.1
-                   , certificate                   >= 1.2
-                   , pem                           >= 0.1
-                   , cryptocipher                  >= 0.3
-                   , tls-extra                     >= 0.6
-                   , tls                           >= 1.1
-                   , crypto-random-api             >= 0.2
+                   , data-default-class            >= 0.0.1
+                   , tls                           >= 1.2.1
                    , network                       >= 2.2.1
-                   , cprng-aes                     >= 0.3.4
-  if flag(tls_1_1_3)
-      build-depends: tls >= 1.1.3
-                   , cprng-aes >= 0.5.0
-  else
-      build-depends: tls < 1.1.3
-                   , cprng-aes < 0.5.0
+                   , cprng-aes                     >= 0.5.0
   Exposed-modules:   Network.Wai.Handler.WarpTLS
   ghc-options:       -Wall
 
