diff --git a/actix-http/Cargo.toml b/actix-http/Cargo.toml
index 27431a2d2..7ff63894d 100644
--- a/actix-http/Cargo.toml
+++ b/actix-http/Cargo.toml
@@ -27,7 +27,7 @@ default = []
 openssl = ["actix-tls/openssl"]
 # rustls support
-rustls = ["actix-tls/rustls"]
+rustls = ["actix-tls/rustls", "tls-rustls"]
 # enable compression support
 compress-brotli = ["brotli2", "__compress"]
@@ -81,6 +81,7 @@ flate2 = { version = "1.0.13", optional = true }
 zstd = { version = "0.7", optional = true }
 trust-dns-resolver = { version = "0.20.0", optional = true }
+tls-rustls = { version = "0.20.0", package = "rustls", optional = true }
 [dev-dependencies]
 actix-server = "2.0.0-beta.3"
@@ -94,7 +95,7 @@ regex = "1.3"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 tls-openssl = { version = "0.10", package = "openssl" }
-tls-rustls = { version = "0.19", package = "rustls" }
+tls-rustls = { version = "0.20", package = "rustls" }
 webpki = { version = "0.21" }
 [[example]]
diff --git a/actix-http/src/client/connector.rs b/actix-http/src/client/connector.rs
index bde5e4853..8cb84733e 100644
--- a/actix-http/src/client/connector.rs
+++ b/actix-http/src/client/connector.rs
@@ -100,11 +100,24 @@ impl Connector<()> {
 // Build Ssl connector with rustls, based on supplied alpn protocols
 #[cfg(all(not(feature = "openssl"), feature = "rustls"))]
 fn build_ssl(protocols: Vec>) -> SslConnector {
- let mut config = ClientConfig::new();
- config.set_protocols(&protocols);
- config.root_store.add_server_trust_anchors(
- &actix_tls::connect::ssl::rustls::TLS_SERVER_ROOTS,
- );
+ let anchors = &actix_tls::connect::ssl::rustls::TLS_SERVER_ROOTS;
+ let mut config = ClientConfig::builder()
+ .with_safe_defaults()
+ .with_root_certificates(tls_rustls::RootCertStore {
+ roots: anchors
+ .0
+ .into_iter()
+ .map(|anchor| {
+ tls_rustls::OwnedTrustAnchor::from_subject_spki_name_constraints(
+ anchor.subject,
+ anchor.spki,
+ anchor.name_constraints,
+ )
+ })
+ .collect(),
+ })
+ .with_no_client_auth();
+ config.alpn_protocols = protocols;
 SslConnector::Rustls(std::sync::Arc::new(config))
 }
diff --git a/awc/Cargo.toml b/awc/Cargo.toml
index 262c3dce5..0d80ffc14 100644
--- a/awc/Cargo.toml
+++ b/awc/Cargo.toml
@@ -74,7 +74,7 @@ serde = "1.0"
 serde_json = "1.0"
 serde_urlencoded = "0.7"
 tls-openssl = { version = "0.10.9", package = "openssl", optional = true }
-tls-rustls = { version = "0.19.0", package = "rustls", optional = true, features = ["dangerous_configuration"] }
+tls-rustls = { version = "0.20.0", package = "rustls", optional = true, features = ["dangerous_configuration"] }
 [dev-dependencies]
 actix-web = { version = "4.0.0-beta.9", features = ["openssl"] }
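Review bot: In `build_ssl` (actix-http/src/client/connector.rs) the trust anchors are read from actix-tls's `TLS_SERVER_ROOTS`, while `RootCertStore` and `OwnedTrustAnchor` come from the newly added direct `tls_rustls` dependency, and nothing explains why the anchors are copied field by field. A comment above `let anchors` would make the intent reviewable, e.g. `// TLS_SERVER_ROOTS is re-exported by actix-tls; copy each anchor's subject, SPKI and name constraints into a rustls-owned root store.` The hunk does not show where the unqualified `ClientConfig` is imported from; presumably it has to be the same rustls version that actix-tls consumes behind `SslConnector::Rustls`, so it is worth confirming that the `rustls` feature (now `"actix-tls/rustls"` plus `"tls-rustls"`) does not link two rustls versions. As a style point, `anchors.0.into_iter()` iterates by reference if `.0` is a slice reference, so `.iter()` would state that directly. `build_ssl` is complete within the hunk; the enclosing `impl Connector<()>` starts and ends outside it.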