diff --git a/.github/workflows/libssl.yaml b/.github/workflows/libssl.yaml
index ff5f190c..e2806bc0 100644
--- a/.github/workflows/libssl.yaml
+++ b/.github/workflows/libssl.yaml
@@ -261,7 +261,7 @@ jobs:
 make package-${{ matrix.package }} PROFILE=release
 
 - name: Archive package
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@v5
 with:
 name: ${{ matrix.package }} package built on ${{ matrix.container }} ${{ matrix.version }}
 path: target/dist/*.${{ matrix.package }}
diff --git a/Cargo.toml b/Cargo.toml
index 57ccbb16..023c6427 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -3,7 +3,7 @@ name = "rustls-libssl"
 version = "0.2.1"
 edition = "2021"
 build = "build.rs"
-rust-version = "1.77"
+rust-version = "1.88"
 
 [lib]
 name = "ssl"
diff --git a/src/lib.rs b/src/lib.rs
index bc381d20..6d1e458d 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -11,8 +11,11 @@ use openssl_sys::{
 EVP_PKEY, SSL_ERROR_NONE, SSL_ERROR_SSL, SSL_ERROR_WANT_READ, SSL_ERROR_WANT_WRITE, X509,
 X509_STORE, X509_V_ERR_UNSPECIFIED,
 };
+
 use rustls::client::Resumption;
-use rustls::crypto::{aws_lc_rs as provider, SupportedKxGroup};
+use rustls::crypto::aws_lc_rs as provider;
+use rustls::crypto::aws_lc_rs::Ticketer;
+use rustls::crypto::SupportedKxGroup;
 use rustls::pki_types::{CertificateDer, ServerName};
 use rustls::server::{Accepted, Acceptor, ProducesTickets};
 use rustls::{
@@ -100,7 +103,7 @@ pub struct SslCipher {
 pub standard_name: &'static CStr,
 pub version: &'static CStr,
 pub description: &'static CStr,
- rustls: &'static rustls::SupportedCipherSuite,
+ pub rustls: CipherSuite,
 }
 
 impl SslCipher {
@@ -132,7 +135,7 @@ impl SslCipher {
 }
 
 pub fn protocol_id(&self) -> u16 {
- u16::from(self.rustls.suite())
+ u16::from(self.rustls)
 }
 
 pub fn openssl_id(&self) -> u32 {
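Review bot: In the `pub struct SslCipher` hunk the new `pub rustls: CipherSuite` field is undocumented and more widely visible than the private reference it replaces. The old `&'static rustls::SupportedCipherSuite` tied each table entry to a suite the provider actually implements; a bare `CipherSuite` is only an identifier, so whatever code turns these entries into a rustls configuration (not visible in this diff) now has to look the suite up and handle a miss. I would add a doc comment such as `/// IANA suite identifier only; does not by itself mean the configured provider implements the suite.` and use `pub(crate)` unless an external consumer needs the field, since `protocol_id()` already exposes the value.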
@@ -141,7 +144,6 @@ impl SslCipher {
 }
 
 static TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SslCipher = SslCipher {
- rustls: &provider::cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 auth: constants::NID_AUTH_ECDSA,
 kx: constants::NID_KX_ECDHE,
 bits: 128,
@@ -149,10 +151,10 @@ static TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: SslCipher = SslCipher {
 standard_name: c"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
 version: c"TLSv1.2",
 description: c"ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD\n",
+ rustls: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 };
 
 static TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SslCipher = SslCipher {
- rustls: &provider::cipher_suite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
 auth: constants::NID_AUTH_ECDSA,
 kx: constants::NID_KX_ECDHE,
 bits: 256,
@@ -160,21 +162,21 @@ static TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: SslCipher = SslCipher {
 standard_name: c"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
 version: c"TLSv1.2",
 description: c"ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD\n",
+ rustls: CipherSuite::TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
 };
 
 static TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: SslCipher = SslCipher {
- rustls: &provider::cipher_suite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
 auth: constants::NID_AUTH_ECDSA,
 kx: constants::NID_KX_ECDHE,
 bits: 256,
 openssl_name: c"ECDHE-ECDSA-CHACHA20-POLY1305",
 standard_name: c"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+ rustls: CipherSuite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
 version: c"TLSv1.2",
 description: c"ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD\n",
 };
 
 static TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SslCipher = SslCipher {
- rustls: &provider::cipher_suite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 auth: constants::NID_AUTH_RSA,
 kx: constants::NID_KX_ECDHE,
 bits: 128,
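Review bot: In the `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256` initializer (hunk `@@ -160,21 +162,21 @@`) the new `rustls:` line sits between `standard_name` and `version`, whereas every other entry touched by this commit places it last, after `description`. Field order in a struct literal has no effect on behaviour, but this table maps OpenSSL names to TLS suite identifiers and is easier to audit when every entry has the same shape. I would move `rustls: CipherSuite::TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,` so that it follows the `description` line. The hunk starts and ends inside the neighbouring initializers, so only this entry is shown whole.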
@@ -182,10 +184,10 @@ static TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: SslCipher = SslCipher {
 standard_name: c"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
 version: c"TLSv1.2",
 description: c"ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD\n",
+ rustls: CipherSuite::TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 };
 
 static TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SslCipher = SslCipher {
- rustls: &provider::cipher_suite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 auth: constants::NID_AUTH_RSA,
 kx: constants::NID_KX_ECDHE,
 bits: 256,
@@ -193,10 +195,10 @@ static TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: SslCipher = SslCipher {
 standard_name: c"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
 version: c"TLSv1.2",
 description: c"ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD\n",
+ rustls: CipherSuite::TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 };
 
 static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: SslCipher = SslCipher {
- rustls: &provider::cipher_suite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 auth: constants::NID_AUTH_RSA,
 kx: constants::NID_KX_ECDHE,
 bits: 256,
@@ -204,10 +206,10 @@ static TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: SslCipher = SslCipher {
 standard_name: c"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
 version: c"TLSv1.2",
 description: c"ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD\n",
+ rustls: CipherSuite::TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 };
 
 static TLS13_AES_128_GCM_SHA256: SslCipher = SslCipher {
- rustls: &provider::cipher_suite::TLS13_AES_128_GCM_SHA256,
 auth: constants::NID_AUTH_ANY,
 kx: constants::NID_KX_ANY,
 bits: 128,
@@ -215,10 +217,10 @@ static TLS13_AES_128_GCM_SHA256: SslCipher = SslCipher {
 standard_name: c"TLS_AES_128_GCM_SHA256",
 version: c"TLSv1.3",
 description: c"TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD\n",
+ rustls: CipherSuite::TLS13_AES_128_GCM_SHA256,
 };
 
 static TLS13_AES_256_GCM_SHA384: SslCipher = SslCipher {
- rustls: &provider::cipher_suite::TLS13_AES_256_GCM_SHA384,
 auth: constants::NID_AUTH_ANY,
 kx: constants::NID_KX_ANY,
 bits: 256,
@@ -226,10 +228,10 @@ static TLS13_AES_256_GCM_SHA384: SslCipher = SslCipher {
 standard_name: c"TLS_AES_256_GCM_SHA384",
 version: c"TLSv1.3",
 description: c"TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD\n",
+ rustls: CipherSuite::TLS13_AES_256_GCM_SHA384,
 };
 
 static TLS13_CHACHA20_POLY1305_SHA256: SslCipher = SslCipher {
- rustls: &provider::cipher_suite::TLS13_CHACHA20_POLY1305_SHA256,
 auth: constants::NID_AUTH_ANY,
 kx: constants::NID_KX_ANY,
 bits: 256,
@@ -237,6 +239,7 @@ static TLS13_CHACHA20_POLY1305_SHA256: SslCipher = SslCipher {
 standard_name: c"TLS_CHACHA20_POLY1305_SHA256",
 version: c"TLSv1.3",
 description: c"TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any Enc=CHACHA20/POLY1305(256) Mac=AEAD\n",
+ rustls: CipherSuite::TLS13_CHACHA20_POLY1305_SHA256,
 };
 
 /// Backs a server-side SSL_SESSION object
@@ -468,7 +471,7 @@ impl SslContext {
 // a ticketer. Doing so is wasteful for a client, and incompatible with miri
 // (due to calls to a foreign function, `RAND_bytes`).
 let ticketer = match !method.server_versions.is_empty() && cfg!(not(miri)) {
- true => provider::Ticketer::new().ok(),
+ true => Ticketer::new().ok(),
 false => None,
 };
 Self {
@@ -1098,7 +1101,6 @@ impl Ssl {
 if let ConnMode::Unknown = self.mode {
 self.set_client_mode();
 }
-
 if matches!(self.conn, ConnState::Nothing) {
 self.init_client_conn()?;
 }
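Review bot: In the `impl SslContext` hunk, `Ticketer::new().ok()` throws away the error, so a server context whose ticketer could not be created ends up with `None` and no trace of why. What `None` means for resumption is decided outside this hunk, but presumably session tickets are then simply not issued, which is hard to diagnose from the outside. I would record the failure before discarding it, e.g. `true => Ticketer::new().inspect_err(|e| log::debug!("ticketer unavailable: {e}")).ok(),`, assuming the crate has a `log`-style facility (not shown in this diff). The enclosing constructor begins and ends outside the hunk.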