diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f393612..18436e9 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -23,7 +23,7 @@ jobs:
             cpu: amd64
           #- os: windows
             #cpu: i386
-        branch: [version-1-2, version-1-4, version-1-6]
+        branch: [version-1-2, version-1-6]
         include:
           - target:
               os: linux
diff --git a/libp2pdht.nimble b/libp2pdht.nimble
index f098058..147c78d 100644
--- a/libp2pdht.nimble
+++ b/libp2pdht.nimble
@@ -10,10 +10,10 @@ skipDirs      = @["tests"]
 # Dependencies
 requires "nim >= 1.2.0",
          "nimcrypto >= 0.5.4 & < 0.6.0",
-         "bearssl >= 0.1.5 & < 0.2.0",
+         "bearssl#head",
          "chronicles >= 0.10.2 & < 0.11.0",
          "chronos >= 3.0.11 & < 3.1.0",
-         "libp2p#c7504d2446717a48a79c8b15e0f21bbfc84957ba",
+         "libp2p#unstable",
          "metrics",
          "protobufserialization >= 0.2.0 & < 0.3.0",
          "secp256k1 >= 0.5.2 & < 0.6.0",
@@ -59,4 +59,4 @@ task coverage, "generates code coverage report":
   exec("genhtml coverage/coverage.f.info --output-directory coverage/report")
   echo "Opening HTML coverage report in browser..."
   exec("open coverage/report/index.html")
-  
+
diff --git a/libp2pdht/private/eth/p2p/discoveryv5/encoding.nim b/libp2pdht/private/eth/p2p/discoveryv5/encoding.nim
index a7bc4b7..3c6f6e6 100644
--- a/libp2pdht/private/eth/p2p/discoveryv5/encoding.nim
+++ b/libp2pdht/private/eth/p2p/discoveryv5/encoding.nim
@@ -15,7 +15,7 @@
 
 import
   std/[hashes, net, options, sugar, tables],
-  bearssl,
+  bearssl/rand,
   chronicles,
   stew/[results, byteutils],
   stint,
@@ -206,13 +206,13 @@ proc encodeStaticHeader*(flag: Flag, nonce: AESGCMNonce, authSize: int):
   # TODO: assert on authSize of > 2^16?
   result.add((uint16(authSize)).toBytesBE())
 
-proc encodeMessagePacket*(rng: var BrHmacDrbgContext, c: var Codec,
+proc encodeMessagePacket*(rng: var HmacDrbgContext, c: var Codec,
     toId: NodeId, toAddr: Address, message: openArray[byte]):
     (seq[byte], AESGCMNonce) =
   var nonce: AESGCMNonce
-  brHmacDrbgGenerate(rng, nonce) # Random AESGCM nonce
+  hmacDrbgGenerate(rng, nonce) # Random AESGCM nonce
   var iv: array[ivSize, byte]
-  brHmacDrbgGenerate(rng, iv) # Random IV
+  hmacDrbgGenerate(rng, iv) # Random IV
 
   # static-header
   let authdata = c.localNode.id.toByteArrayBE()
@@ -238,7 +238,7 @@ proc encodeMessagePacket*(rng: var BrHmacDrbgContext, c: var Codec,
     # 1 byte (e.g "01c20101"). Could increase to 27 for 8 bytes requestId in
     # case this must not look like a random packet.
     var randomData: array[gcmTagSize + 4, byte]
-    brHmacDrbgGenerate(rng, randomData)
+    hmacDrbgGenerate(rng, randomData)
     messageEncrypted.add(randomData)
     discovery_session_lru_cache_misses.inc()
 
@@ -251,11 +251,11 @@ proc encodeMessagePacket*(rng: var BrHmacDrbgContext, c: var Codec,
 
   return (packet, nonce)
 
-proc encodeWhoareyouPacket*(rng: var BrHmacDrbgContext, c: var Codec,
+proc encodeWhoareyouPacket*(rng: var HmacDrbgContext, c: var Codec,
     toId: NodeId, toAddr: Address, requestNonce: AESGCMNonce, recordSeq: uint64,
     pubkey: Option[PublicKey]): seq[byte] =
   var idNonce: IdNonce
-  brHmacDrbgGenerate(rng, idNonce)
+  hmacDrbgGenerate(rng, idNonce)
 
   # authdata
   var authdata: seq[byte]
@@ -272,7 +272,7 @@ proc encodeWhoareyouPacket*(rng: var BrHmacDrbgContext, c: var Codec,
   header.add(authdata)
 
   var iv: array[ivSize, byte]
-  brHmacDrbgGenerate(rng, iv) # Random IV
+  hmacDrbgGenerate(rng, iv) # Random IV
 
   let maskedHeader = encryptHeader(toId, iv, header)
 
@@ -293,14 +293,14 @@ proc encodeWhoareyouPacket*(rng: var BrHmacDrbgContext, c: var Codec,
 
   return packet
 
-proc encodeHandshakePacket*(rng: var BrHmacDrbgContext, c: var Codec,
+proc encodeHandshakePacket*(rng: var HmacDrbgContext, c: var Codec,
     toId: NodeId, toAddr: Address, message: openArray[byte],
     whoareyouData: WhoareyouData, pubkey: PublicKey): EncodeResult[seq[byte]] =
   var header: seq[byte]
   var nonce: AESGCMNonce
-  brHmacDrbgGenerate(rng, nonce)
+  hmacDrbgGenerate(rng, nonce)
   var iv: array[ivSize, byte]
-  brHmacDrbgGenerate(rng, iv) # Random IV
+  hmacDrbgGenerate(rng, iv) # Random IV
 
   var authdata: seq[byte]
   var authdataHead: seq[byte]
diff --git a/libp2pdht/private/eth/p2p/discoveryv5/messages.nim b/libp2pdht/private/eth/p2p/discoveryv5/messages.nim
index 9573e08..da3cdb0 100644
--- a/libp2pdht/private/eth/p2p/discoveryv5/messages.nim
+++ b/libp2pdht/private/eth/p2p/discoveryv5/messages.nim
@@ -14,7 +14,7 @@
 
 import
   std/[hashes, net],
-  bearssl,
+  bearssl/rand,
   ./spr,
   ./node,
   ../../../../dht/providers_messages
@@ -130,7 +130,7 @@ template messageKind*(T: typedesc[SomeMessage]): MessageKind =
 proc hash*(reqId: RequestId): Hash =
   hash(reqId.id)
 
-proc init*(T: type RequestId, rng: var BrHmacDrbgContext): T =
+proc init*(T: type RequestId, rng: var HmacDrbgContext): T =
   var reqId = RequestId(id: newSeq[byte](8)) # RequestId must be <= 8 bytes
-  brHmacDrbgGenerate(rng, reqId.id)
+  hmacDrbgGenerate(rng, reqId.id)
   reqId
diff --git a/libp2pdht/private/eth/p2p/discoveryv5/node.nim b/libp2pdht/private/eth/p2p/discoveryv5/node.nim
index 1987751..3d1cdf2 100644
--- a/libp2pdht/private/eth/p2p/discoveryv5/node.nim
+++ b/libp2pdht/private/eth/p2p/discoveryv5/node.nim
@@ -9,7 +9,7 @@
 
 import
   std/hashes,
-  bearssl,
+  bearssl/rand,
   chronicles,
   chronos,
   nimcrypto,
@@ -119,9 +119,9 @@ func `==`*(a, b: Node): bool =
 func hash*(id: NodeId): Hash =
   hash(id.toByteArrayBE)
 
-proc random*(T: type NodeId, rng: var BrHmacDrbgContext): T =
+proc random*(T: type NodeId, rng: var HmacDrbgContext): T =
   var id: NodeId
-  brHmacDrbgGenerate(addr rng, addr id, csize_t(sizeof(id)))
+  hmacDrbgGenerate(rng, addr id, csize_t(sizeof(id)))
 
   id
 
diff --git a/libp2pdht/private/eth/p2p/discoveryv5/protocol.nim b/libp2pdht/private/eth/p2p/discoveryv5/protocol.nim
index bd40c2e..fb0dd2b 100644
--- a/libp2pdht/private/eth/p2p/discoveryv5/protocol.nim
+++ b/libp2pdht/private/eth/p2p/discoveryv5/protocol.nim
@@ -54,11 +54,11 @@
 ## The result is that in an implementation which just stores buckets per
 ## logarithmic distance, it simply needs to return the right bucket. In our
 ## split-bucket implementation, this cannot be done as such and thus the closest
-## neighbours search is still done. And to do this, a reverse calculation of an
+## neighbors search is still done. And to do this, a reverse calculation of an
 ## id at given logarithmic distance is needed (which is why there is the
 ## `idAtDistance` proc). Next, nodes with invalid distances need to be filtered
 ## out to be compliant to the specification. This can most likely get further
-## optimised, but it sounds likely better to switch away from the split-bucket
+## optimized, but it sounds likely better to switch away from the split-bucket
 ## approach. I believe that the main benefit it has is improved lookups
 ## (due to no unbalanced branches), and it looks like this will be negated by
 ## limiting the returned nodes to only the ones of the requested logarithmic
@@ -81,7 +81,7 @@ import
   pkg/[chronicles, chronicles/chronos_tools],
   pkg/chronos,
   pkg/stint,
-  pkg/bearssl,
+  pkg/bearssl/rand,
   pkg/metrics
 
 import "."/[
@@ -170,7 +170,7 @@ type
     ipVote: IpVote
     enrAutoUpdate: bool
     talkProtocols*: Table[seq[byte], TalkProtocol] # TODO: Table is a bit of
-    rng*: ref BrHmacDrbgContext
+    rng*: ref HmacDrbgContext
     providers: ProvidersManager
 
   TalkProtocolHandler* = proc(p: TalkProtocol, request: seq[byte], fromId: NodeId, fromUdpAddress: Address): seq[byte]
diff --git a/libp2pdht/private/eth/p2p/discoveryv5/random2.nim b/libp2pdht/private/eth/p2p/discoveryv5/random2.nim
index 0ec72f0..986b3dd 100644
--- a/libp2pdht/private/eth/p2p/discoveryv5/random2.nim
+++ b/libp2pdht/private/eth/p2p/discoveryv5/random2.nim
@@ -1,22 +1,22 @@
-import bearssl
+import bearssl/rand
 
-## Random helpers: similar as in stdlib, but with BrHmacDrbgContext rng
+## Random helpers: similar as in stdlib, but with HmacDrbgContext rng
 # TODO: Move these somewhere else?
 const randMax = 18_446_744_073_709_551_615'u64
 
-proc rand*(rng: var BrHmacDrbgContext, max: Natural): int =
+proc rand*(rng: var HmacDrbgContext, max: Natural): int =
   if max == 0: return 0
 
   var x: uint64
   while true:
-    brHmacDrbgGenerate(addr rng, addr x, csize_t(sizeof(x)))
+    hmacDrbgGenerate(rng, addr x, csize_t(sizeof(x)))
     if x < randMax - (randMax mod (uint64(max) + 1'u64)): # against modulo bias
       return int(x mod (uint64(max) + 1'u64))
 
-proc sample*[T](rng: var BrHmacDrbgContext, a: openArray[T]): T =
+proc sample*[T](rng: var HmacDrbgContext, a: openArray[T]): T =
   result = a[rng.rand(a.high)]
 
-proc shuffle*[T](rng: var BrHmacDrbgContext, a: var openArray[T]) =
+proc shuffle*[T](rng: var HmacDrbgContext, a: var openArray[T]) =
   for i in countdown(a.high, 1):
     let j = rng.rand(i)
     swap(a[i], a[j])
diff --git a/libp2pdht/private/eth/p2p/discoveryv5/routing_table.nim b/libp2pdht/private/eth/p2p/discoveryv5/routing_table.nim
index 059241e..01c24a3 100644
--- a/libp2pdht/private/eth/p2p/discoveryv5/routing_table.nim
+++ b/libp2pdht/private/eth/p2p/discoveryv5/routing_table.nim
@@ -9,7 +9,7 @@
 
 import
   std/[algorithm, times, sequtils, bitops, sets, options, tables],
-  stint, chronicles, metrics, bearssl, chronos, stew/shims/net as stewNet,
+  stint, chronicles, metrics, bearssl/rand, chronos, stew/shims/net as stewNet,
   "."/[node, random2, spr]
 
 export options
@@ -46,7 +46,7 @@ type
     ipLimits: IpLimits ## IP limits for total routing table: all buckets and
     ## replacement caches.
     distanceCalculator: DistanceCalculator
-    rng: ref BrHmacDrbgContext
+    rng: ref HmacDrbgContext
 
   KBucket = ref object
     istart, iend: NodeId ## Range of NodeIds this KBucket covers. This is not a
@@ -278,7 +278,7 @@ proc computeSharedPrefixBits(nodes: openArray[NodeId]): int =
   doAssert(false, "Unable to calculate number of shared prefix bits")
 
 proc init*(T: type RoutingTable, localNode: Node, bitsPerHop = DefaultBitsPerHop,
-    ipLimits = DefaultTableIpLimits, rng: ref BrHmacDrbgContext,
+    ipLimits = DefaultTableIpLimits, rng: ref HmacDrbgContext,
     distanceCalculator = XorDistanceCalculator): T =
   ## Initialize the routing table for provided `Node` and bitsPerHop value.
   ## `bitsPerHop` is default set to 5 as recommended by original Kademlia paper.
diff --git a/libp2pdht/private/eth/p2p/discoveryv5/transport.nim b/libp2pdht/private/eth/p2p/discoveryv5/transport.nim
index 532419b..2cf48df 100644
--- a/libp2pdht/private/eth/p2p/discoveryv5/transport.nim
+++ b/libp2pdht/private/eth/p2p/discoveryv5/transport.nim
@@ -7,7 +7,7 @@
 # Everything below the handling of ordinary messages
 import
   std/[tables, options],
-  bearssl,
+  bearssl/rand,
   chronos,
   chronicles,
   libp2p/crypto/crypto,
@@ -27,7 +27,7 @@ type
     transp: DatagramTransport
     pendingRequests: Table[AESGCMNonce, PendingRequest]
     codec*: Codec
-    rng: ref BrHmacDrbgContext
+    rng: ref HmacDrbgContext
 
   PendingRequest = object
     node: Node
diff --git a/tests/dht/test_helper.nim b/tests/dht/test_helper.nim
index d8218de..89f5797 100644
--- a/tests/dht/test_helper.nim
+++ b/tests/dht/test_helper.nim
@@ -1,5 +1,5 @@
 import
-  bearssl,
+  bearssl/rand,
   chronos,
   libp2p/crypto/[crypto, secp],
   libp2p/multiaddress,
@@ -23,7 +23,7 @@ proc example*(T: type NodeId, rng: ref HmacDrbgContext): NodeId =
   pubKey.toNodeId().expect("Public key valid for node id")
 
 proc initDiscoveryNode*(
-    rng: ref BrHmacDrbgContext,
+    rng: ref HmacDrbgContext,
     privKey: PrivateKey,
     address: Address,
     bootstrapRecords: openArray[SignedPeerRecord] = [],
@@ -62,7 +62,7 @@ proc generateNode*(privKey: PrivateKey, port: int = 20302,
               .expect("Properly intialized private key")
   result = newNode(spr).expect("Properly initialized node")
 
-proc generateNRandomNodes*(rng: ref BrHmacDrbgContext, n: int): seq[Node] =
+proc generateNRandomNodes*(rng: ref HmacDrbgContext, n: int): seq[Node] =
   var res = newSeq[Node]()
   for i in 1..n:
     let
@@ -71,7 +71,7 @@ proc generateNRandomNodes*(rng: ref BrHmacDrbgContext, n: int): seq[Node] =
     res.add(node)
   res
 
-proc nodeAndPrivKeyAtDistance*(n: Node, rng: var BrHmacDrbgContext, d: uint32,
+proc nodeAndPrivKeyAtDistance*(n: Node, rng: var HmacDrbgContext, d: uint32,
     ip: ValidIpAddress = ValidIpAddress.init("127.0.0.1")): (Node, PrivateKey) =
   while true:
     let
@@ -80,19 +80,19 @@ proc nodeAndPrivKeyAtDistance*(n: Node, rng: var BrHmacDrbgContext, d: uint32,
     if logDistance(n.id, node.id) == d:
       return (node, privKey)
 
-proc nodeAtDistance*(n: Node, rng: var BrHmacDrbgContext, d: uint32,
+proc nodeAtDistance*(n: Node, rng: var HmacDrbgContext, d: uint32,
     ip: ValidIpAddress = ValidIpAddress.init("127.0.0.1")): Node =
   let (node, _) = n.nodeAndPrivKeyAtDistance(rng, d, ip)
   node
 
 proc nodesAtDistance*(
-    n: Node, rng: var BrHmacDrbgContext, d: uint32, amount: int,
+    n: Node, rng: var HmacDrbgContext, d: uint32, amount: int,
     ip: ValidIpAddress = ValidIpAddress.init("127.0.0.1")): seq[Node] =
   for i in 0..<amount:
     result.add(nodeAtDistance(n, rng, d, ip))
 
 proc nodesAtDistanceUniqueIp*(
-    n: Node, rng: var BrHmacDrbgContext, d: uint32, amount: int,
+    n: Node, rng: var HmacDrbgContext, d: uint32, amount: int,
     ip: ValidIpAddress = ValidIpAddress.init("127.0.0.1")): seq[Node] =
   var ta = initTAddress(ip, Port(0))
   for i in 0..<amount:
diff --git a/tests/dht/test_providers.nim b/tests/dht/test_providers.nim
index 0889c08..fecb9b9 100644
--- a/tests/dht/test_providers.nim
+++ b/tests/dht/test_providers.nim
@@ -12,7 +12,7 @@
 import
   std/[options, sequtils],
   asynctest,
-  bearssl,
+  bearssl/rand,
   chronicles,
   chronos,
   nimcrypto,
diff --git a/tests/discv5/test_discoveryv5.nim b/tests/discv5/test_discoveryv5.nim
index 78030cc..ad0066d 100644
--- a/tests/discv5/test_discoveryv5.nim
+++ b/tests/discv5/test_discoveryv5.nim
@@ -3,7 +3,7 @@
 import
   std/tables,
   chronos, chronicles, stint, asynctest, stew/shims/net,
-  stew/byteutils, bearssl,
+  stew/byteutils, bearssl/rand,
   libp2p/crypto/crypto,
   libp2pdht/discv5/[transport, spr, node, routing_table, encoding, sessions, nodes_verification],
   libp2pdht/discv5/crypto as dhtcrypto,
diff --git a/tests/discv5/test_discoveryv5_encoding.nim b/tests/discv5/test_discoveryv5_encoding.nim
index 22cf991..3eb2380 100644
--- a/tests/discv5/test_discoveryv5_encoding.nim
+++ b/tests/discv5/test_discoveryv5_encoding.nim
@@ -3,7 +3,7 @@
 import
   std/[options, sequtils, tables],
   asynctest/unittest2,
-  bearssl,
+  bearssl/rand,
   chronos,
   libp2p/crypto/secp,
   libp2pdht/discv5/[messages, messages_encoding, encoding, spr, node, sessions],
@@ -480,7 +480,7 @@ suite "Discovery v5.1 Additional Encode/Decode":
 
   test "Encrypt / Decrypt header":
     var nonce: AESGCMNonce
-    brHmacDrbgGenerate(rng[], nonce)
+    hmacDrbgGenerate(rng[], nonce)
     let
       nodeId = NodeId.example(rng)
       authdata = newSeq[byte](32)
@@ -489,7 +489,7 @@ suite "Discovery v5.1 Additional Encode/Decode":
       header = staticHeader & authdata
 
     var iv: array[128 div 8, byte]
-    brHmacDrbgGenerate(rng[], iv)
+    hmacDrbgGenerate(rng[], iv)
 
     let
       encrypted = encryptHeader(nodeId, iv, header)
@@ -538,7 +538,7 @@ suite "Discovery v5.1 Additional Encode/Decode":
 
   test "Encode / Decode Whoareyou Packet":
     var requestNonce: AESGCMNonce
-    brHmacDrbgGenerate(rng[], requestNonce)
+    hmacDrbgGenerate(rng[], requestNonce)
     let recordSeq = 0'u64
 
     let data = encodeWhoareyouPacket(rng[], codecA, nodeB.id,
@@ -559,7 +559,7 @@ suite "Discovery v5.1 Additional Encode/Decode":
 
   test "Encode / Decode Handshake Message Packet":
     var requestNonce: AESGCMNonce
-    brHmacDrbgGenerate(rng[], requestNonce)
+    hmacDrbgGenerate(rng[], requestNonce)
     let
       recordSeq = 1'u64
       m = PingMessage(sprSeq: 0)
@@ -595,7 +595,7 @@ suite "Discovery v5.1 Additional Encode/Decode":
 
   test "Encode / Decode Handshake Message Packet with SPR":
     var requestNonce: AESGCMNonce
-    brHmacDrbgGenerate(rng[], requestNonce)
+    hmacDrbgGenerate(rng[], requestNonce)
     let
       recordSeq = 0'u64
       m = PingMessage(sprSeq: 0)