diff --git a/Cargo.lock b/Cargo.lock
index ce1408343c1f..e8c8246d4344 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2913,6 +2913,7 @@ dependencies = [
  "rand 0.9.2",
  "reqwest 0.12.12",
  "rmcp 0.9.1",
+ "rustls 0.23.31",
  "schemars",
  "serde",
  "serde_json",
@@ -4234,23 +4235,6 @@ dependencies = [
  "rand 0.8.5",
 ]
 
-[[package]]
-name = "native-tls"
-version = "0.2.14"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "87de3442987e9dbec73158d5c715e7ad9072fda936bb03d19d7fa10e00520f0e"
-dependencies = [
- "libc",
- "log",
- "openssl",
- "openssl-probe",
- "openssl-sys",
- "schannel",
- "security-framework 2.11.1",
- "security-framework-sys",
- "tempfile",
-]
-
 [[package]]
 name = "ndk-context"
 version = "0.1.1"
@@ -5863,6 +5847,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c0ebcbd2f03de0fc1122ad9bb24b127a5a6cd51d72604a3f3c50ac459762b6cc"
 dependencies = [
  "aws-lc-rs",
+ "log",
  "once_cell",
  "ring",
  "rustls-pki-types",
@@ -7151,16 +7136,6 @@ dependencies = [
  "syn 2.0.99",
 ]
 
-[[package]]
-name = "tokio-native-tls"
-version = "0.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2"
-dependencies = [
- "native-tls",
- "tokio",
-]
-
 [[package]]
 name = "tokio-rustls"
 version = "0.24.1"
@@ -7212,9 +7187,11 @@ checksum = "d25a406cddcc431a75d3d9afc6a7c0f7428d4891dd973e4d54c56b46127bf857"
 dependencies = [
  "futures-util",
  "log",
- "native-tls",
+ "rustls 0.23.31",
+ "rustls-native-certs 0.8.1",
+ "rustls-pki-types",
  "tokio",
- "tokio-native-tls",
+ "tokio-rustls 0.26.2",
  "tungstenite 0.28.0",
 ]
 
@@ -7591,8 +7568,9 @@ dependencies = [
  "http 1.2.0",
  "httparse",
  "log",
- "native-tls",
  "rand 0.9.2",
+ "rustls 0.23.31",
+ "rustls-pki-types",
  "sha1",
  "thiserror 2.0.12",
  "utf-8",
diff --git a/crates/goose-server/Cargo.toml b/crates/goose-server/Cargo.toml
index cb586eef158f..fedd693aae1d 100644
--- a/crates/goose-server/Cargo.toml
+++ b/crates/goose-server/Cargo.toml
@@ -39,12 +39,13 @@ reqwest = { version = "0.12.9", features = ["json", "rustls-tls", "blocking", "m
 tokio-util = "0.7.15"
 uuid = { version = "1.11", features = ["v4"] }
 serde_path_to_error = "0.1.20"
-tokio-tungstenite = { version = "0.28.0", features = ["native-tls"] }
+tokio-tungstenite = { version = "0.28.0", features = ["rustls-tls-native-roots"] }
 url = "2.5.7"
 rand = "0.9.2"
 hex = "0.4.3"
 socket2 = "0.6.1"
 fs2 = "0.4.3"
+rustls = { version = "0.23", features = ["ring"] }
 
 [target.'cfg(windows)'.dependencies]
 winreg = { version = "0.55.0" }
diff --git a/crates/goose-server/src/tunnel/lapstone.rs b/crates/goose-server/src/tunnel/lapstone.rs
index 8449abc42611..c824a39afd71 100644
--- a/crates/goose-server/src/tunnel/lapstone.rs
+++ b/crates/goose-server/src/tunnel/lapstone.rs
@@ -477,6 +477,8 @@ async fn run_single_connection(
     server_secret: String,
     restart_tx: mpsc::Sender<()>,
 ) {
+    let _ = rustls::crypto::ring::default_provider().install_default();
+
     let worker_url = get_worker_url();
     let ws_url = worker_url
         .replace("https://", "wss://")