diff --git a/Cargo.lock b/Cargo.lock index bfc3a13..207211f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -510,6 +510,15 @@ dependencies = [ "slab", ] +[[package]] +name = "fxhash" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c31b6d751ae2c7f11320402d34e41349dd1016f8d5d45e48c4312bc8625af50c" +dependencies = [ + "byteorder", +] + [[package]] name = "generic-array" version = "0.12.4" @@ -1261,11 +1270,12 @@ dependencies = [ "ctrlc", "futures-util", "hyper", - "quinn", + "quinn 0.8.5", "rand", "rcgen", "reqwest", "rmp-serde", + "rustls 0.20.4", "structopt", "tokio", "tracing", @@ -1280,7 +1290,7 @@ dependencies = [ "blake3", "fltk", "ptth_quic", - "quinn", + "quinn 0.7.2", "rand", "rand_chacha", "reqwest", @@ -1416,7 +1426,7 @@ dependencies = [ "lazy_static", "libc", "mio 0.7.13", - "quinn-proto", + "quinn-proto 0.7.3", "rustls 0.19.1", "socket2 0.3.19", "thiserror", @@ -1425,6 +1435,25 @@ dependencies = [ "webpki 0.21.4", ] +[[package]] +name = "quinn" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b435e71d9bfa0d8889927231970c51fb89c58fa63bffcab117c9c7a41e5ef8f" +dependencies = [ + "bytes", + "futures-channel", + "futures-util", + "fxhash", + "quinn-proto 0.8.4", + "quinn-udp", + "rustls 0.20.4", + "thiserror", + "tokio", + "tracing", + "webpki 0.22.0", +] + [[package]] name = "quinn-proto" version = "0.7.3" @@ -1436,7 +1465,7 @@ dependencies = [ "rand", "ring", "rustls 0.19.1", - "rustls-native-certs", + "rustls-native-certs 0.5.0", "slab", "thiserror", "tinyvec", 
@@ -1444,6 +1473,40 @@ dependencies = [ "webpki 0.21.4", ] +[[package]] +name = "quinn-proto" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3fce546b9688f767a57530652488420d419a8b1f44a478b451c3d1ab6d992a55" +dependencies = [ + "bytes", + "fxhash", + "rand", + "ring", + "rustls 0.20.4", + "rustls-native-certs 0.6.2", + "rustls-pemfile 0.2.1", + "slab", + "thiserror", + "tinyvec", + "tracing", + "webpki 0.22.0", +] + +[[package]] +name = "quinn-udp" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9f832d8958db3e84d2ec93b5eb2272b45aa23cf7f8fe6e79f578896f4e6c231b" +dependencies = [ + "futures-util", + "libc", + "quinn-proto 0.8.4", + "socket2 0.4.4", + "tokio", + "tracing", +] + [[package]] name = "quote" version = "1.0.9" @@ -1575,7 +1638,7 @@ dependencies = [ "percent-encoding", "pin-project-lite", "rustls 0.20.4", - "rustls-pemfile", + "rustls-pemfile 0.3.0", "serde", "serde_json", "serde_urlencoded", @@ -1698,6 +1761,27 @@ dependencies = [ "security-framework", ] +[[package]] +name = "rustls-native-certs" +version = "0.6.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0167bac7a9f490495f3c33013e7722b53cb087ecbe082fb0c6387c96f634ea50" +dependencies = [ + "openssl-probe", + "rustls-pemfile 1.0.1", + "schannel", + "security-framework", +] + +[[package]] +name = "rustls-pemfile" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5eebeaeb360c87bfb72e84abdb3447159c0eaececf1bef2aecd65a8be949d1c9" +dependencies = [ + "base64", +] + [[package]] name = "rustls-pemfile" version = "0.3.0" 
@@ -1707,6 +1791,15 @@ dependencies = [ "base64", ] +[[package]] +name = "rustls-pemfile" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0864aeff53f8c05aa08d86e5ef839d3dfcf07aeba2db32f12db0ef716e87bd55" +dependencies = [ + "base64", +] + [[package]] name = "rusty_ulid" version = "0.10.1" diff --git a/crates/ptth_quic/Cargo.toml b/crates/ptth_quic/Cargo.toml index 017f5ee..7e43a9f 100644 --- a/crates/ptth_quic/Cargo.toml +++ b/crates/ptth_quic/Cargo.toml @@ -14,10 +14,11 @@ ctrlc = "3.2.1" # fltk = "1.1.1" futures-util = "0.3.9" hyper = { version = "0.14.4", features = ["http1", "server", "stream", "tcp"] } -quinn = "0.7.2" +quinn = "0.8.5" rand = "0.8.4" rcgen = "0.8.11" rmp-serde = "0.15.5" +rustls = "0.20.4" structopt = "0.3.20" tokio = { version = "1.8.1", features = ["full"] } tracing-subscriber = "0.2.16" diff --git a/crates/ptth_quic/src/bin/ptth_quic_client.rs b/crates/ptth_quic/src/bin/ptth_quic_client.rs index ab38277..7a9dd13 100644 --- a/crates/ptth_quic/src/bin/ptth_quic_client.rs +++ b/crates/ptth_quic/src/bin/ptth_quic_client.rs @@ -64,7 +64,7 @@ impl P2Client { let quinn::NewConnection { connection, .. - } = protocol::p2_connect_to_p3 (&self.endpoint, &conf.relay_addr, &conf.client_id).await?; + } = protocol::p2_connect_to_p3 (&self.endpoint, conf.relay_addr, &conf.client_id).await?; let client_tcp_port = conf.client_tcp_port; diff --git a/crates/ptth_quic/src/bin/ptth_quic_relay_server.rs b/crates/ptth_quic/src/bin/ptth_quic_relay_server.rs index ac39619..4f2b420 100644 --- a/crates/ptth_quic/src/bin/ptth_quic_relay_server.rs +++ b/crates/ptth_quic/src/bin/ptth_quic_relay_server.rs @@ -75,7 +75,7 @@ async fn main () -> anyhow::Result <()> { match handle_quic_connection (Arc::clone (&relay_state), conn).await { Ok (_) => (), - Err (e) => warn! ("handle_quic_connection {:?}", e), + Err (e) => warn! ("handle_quic_connection `{:?}`", e), } let active = relay_state.stats.quic.disconnect (); 
@@ -320,13 +320,15 @@ async fn handle_quic_connection ( match peer { protocol::P3Peer::P2ClientProxy (peer) => { + trace! ("Accepting connection from P2 client"); // TODO: Check authorization for P2 peers protocol::p3_authorize_p2_peer (&mut send).await?; handle_p2_connection (relay_state, conn, peer).await?; }, protocol::P3Peer::P4ServerProxy (peer) => { - // TODO: Check authorization for P2 peers + trace! ("Accepting connection from P4 end server"); + // TODO: Check authorization for P4 peers protocol::p3_authorize_p4_peer (&mut send).await?; handle_p4_connection (relay_state, conn, peer).await?; diff --git a/crates/ptth_quic/src/executable_end_server.rs b/crates/ptth_quic/src/executable_end_server.rs index 769eda1..4033d58 100644 --- a/crates/ptth_quic/src/executable_end_server.rs +++ b/crates/ptth_quic/src/executable_end_server.rs @@ -22,6 +22,7 @@ struct Opt { } pub async fn main (args: &[OsString], shutdown_rx: Option >) -> anyhow::Result <()> { + trace! ("executable_end_server::main"); let opt = Opt::from_iter (args); let conf = opt.into_config ().await?; @@ -119,7 +120,7 @@ impl P4EndServer { .. } = protocol::p4_connect_to_p3 ( &self.endpoint, - &self.conf.relay_addr, + self.conf.relay_addr, &self.conf.id ).await?; diff --git a/crates/ptth_quic/src/protocol.rs b/crates/ptth_quic/src/protocol.rs index 9bc24e5..c0cd600 100644 --- a/crates/ptth_quic/src/protocol.rs +++ b/crates/ptth_quic/src/protocol.rs @@ -31,7 +31,7 @@ impl Command { pub async fn p2_connect_to_p3 ( endpoint: &quinn::Endpoint, - relay_addr: &std::net::SocketAddr, + relay_addr: std::net::SocketAddr, client_id: &str, ) -> Result { @@ -249,7 +249,7 @@ pub async fn p3_authorize_p2_to_p4_direc ( pub async fn p4_connect_to_p3 ( endpoint: &quinn::Endpoint, - relay_addr: &std::net::SocketAddr, + relay_addr: std::net::SocketAddr, server_id: &str, ) -> Result { diff --git a/crates/ptth_quic/src/quinn_utils.rs b/crates/ptth_quic/src/quinn_utils.rs index 2eaba64..b87f74d 100644 
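Review bot: The new `trace! ("Accepting connection from P2 client");` fires before `p3_authorize_p2_peer`, and the TODO directly beneath it records that no authorization check exists, so the log reads as though an authenticated peer was admitted when, as far as this hunk shows, every peer that claims to be P2 is. Because the relay is the trust boundary between P2 clients and P4 end servers, I would make that gap explicit where an operator will see it rather than only in a TODO, e.g. `trace! ("Accepting connection from P2 client (authorization not yet enforced)");` and `// TODO: Check authorization for P2 peers - p3_authorize_p2_peer currently grants unconditionally`, with the same wording on the corrected P4 branch. I am inferring the unconditional grant from the TODO and the function name; confirm against `protocol.rs` before committing the comment to that claim. `handle_quic_connection` begins and ends outside this hunk.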
--- a/crates/ptth_quic/src/quinn_utils.rs +++ b/crates/ptth_quic/src/quinn_utils.rs @@ -8,8 +8,8 @@ use std::{ }; use quinn::{ - Certificate, CertificateChain, ClientConfig, ClientConfigBuilder, Endpoint, Incoming, - PrivateKey, ServerConfig, ServerConfigBuilder, TransportConfig, + ClientConfig, Endpoint, Incoming, + ServerConfig, TransportConfig, }; /// Constructs a QUIC endpoint configured for use a client only. @@ -28,9 +28,8 @@ pub fn make_client_endpoint( client_cfg.transport = Arc::new (transport); - let mut endpoint_builder = Endpoint::builder (); - endpoint_builder.default_client_config (client_cfg); - let (endpoint, _incoming) = endpoint_builder.bind(&bind_addr)?; + let mut endpoint = Endpoint::client (bind_addr)?; + endpoint.set_default_client_config (client_cfg); Ok(endpoint) } @@ -44,9 +43,7 @@ pub fn make_client_endpoint( #[allow(unused)] pub fn make_server_endpoint(bind_addr: SocketAddr) -> anyhow::Result<(Incoming, Vec)> { let (server_config, server_cert) = configure_server()?; - let mut endpoint_builder = Endpoint::builder(); - endpoint_builder.listen(server_config); - let (_endpoint, incoming) = endpoint_builder.bind(&bind_addr)?; + let (_endpoint, incoming) = Endpoint::server (server_config, bind_addr)?; Ok((incoming, server_cert)) } 
@@ -55,29 +52,28 @@ pub fn make_server_endpoint(bind_addr: SocketAddr) -> anyhow::Result<(Incoming, /// ## Args /// /// - server_certs: a list of trusted certificates in DER format. -fn configure_client(server_certs: &[&[u8]]) -> anyhow::Result { - let mut cfg_builder = ClientConfigBuilder::default(); +fn configure_client (server_certs: &[&[u8]]) -> anyhow::Result { + let mut certs = rustls::RootCertStore::empty (); for cert in server_certs { - cfg_builder.add_certificate_authority(Certificate::from_der(cert)?)?; + certs.add (&rustls::Certificate (cert.to_vec ()))?; } - Ok(cfg_builder.build()) + + Ok (ClientConfig::with_root_certificates (certs)) } /// Returns default server configuration along with its certificate. #[allow(clippy::field_reassign_with_default)] // https://github.com/rust-lang/rust-clippy/issues/6527 -fn configure_server() -> anyhow::Result<(ServerConfig, Vec)> { +fn configure_server () -> anyhow::Result<(ServerConfig, Vec)> { let cert = rcgen::generate_simple_self_signed(vec!["localhost".into()]).unwrap(); let cert_der = cert.serialize_der().unwrap(); let priv_key = cert.serialize_private_key_der(); - let priv_key = PrivateKey::from_der(&priv_key)?; - - let mut transport_config = TransportConfig::default(); - transport_config.max_concurrent_uni_streams(0).unwrap(); - let mut server_config = ServerConfig::default(); - server_config.transport = Arc::new(transport_config); - let mut cfg_builder = ServerConfigBuilder::new(server_config); - let cert = Certificate::from_der(&cert_der)?; - cfg_builder.certificate(CertificateChain::from_certs(vec![cert]), priv_key)?; - - Ok((cfg_builder.build(), cert_der)) + let priv_key = rustls::PrivateKey (priv_key); + let cert_chain = vec! [rustls::Certificate (cert_der.clone ())]; + + let mut server_config = ServerConfig::with_single_cert (cert_chain, priv_key)?; + Arc::get_mut (&mut server_config.transport) + .unwrap () + .max_concurrent_uni_streams (0_u8.into ()); + + Ok ((server_config, cert_der)) } 
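Review bot: `Arc::get_mut (&mut server_config.transport).unwrap ()` in `configure_server` depends on the `Arc` being uniquely owned at that exact point, which appears to hold immediately after `with_single_cert`, but it is an unwrap with an unstated invariant that will panic as soon as anyone takes a clone of the config earlier. `make_client_endpoint` in this same file already uses the plain pattern of building a `TransportConfig` and assigning it (`client_cfg.transport = Arc::new (transport);`), so I would mirror that here: `let mut transport = TransportConfig::default ();` / `transport.max_concurrent_uni_streams (0_u8.into ());` / `server_config.transport = Arc::new (transport);`. That removes the panic path without changing behaviour, and keeps the two endpoint builders consistent. The `0_u8.into ()` conversion to `VarInt` is fine as written.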
diff --git a/docs/how-to/test-ptth-quic.md b/docs/how-to/test-ptth-quic.md index 0504ef3..9bded33 100644 --- a/docs/how-to/test-ptth-quic.md +++ b/docs/how-to/test-ptth-quic.md @@ -5,7 +5,7 @@ - Open 3 terminals in `crates/ptth_quic` - Use `export RUST_LOG=ptth_quic_relay_server=debug` to enable debug logging for the terminal that will run the relay server (P3) -- Use `export RUST_LOG=ptth_quic_end_server=debug` for the terminal that +- Use `export RUST_LOG=ptth_quic=debug` for the terminal that will run the end server (P4) - Use `export RUST_LOG=ptth_quic_client=debug` for the terminal that will run the client (P2)