diff --git a/Cargo.lock b/Cargo.lock index 5bd94309..78af3a1d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -275,29 +275,6 @@ dependencies = [ "tracing", ] -[[package]] -name = "axum-server" -version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c1ad46c3ec4e12f4a4b6835e173ba21c25e484c9d02b49770bf006ce5367c036" -dependencies = [ - "arc-swap", - "bytes", - "futures-util", - "http", - "http-body", - "http-body-util", - "hyper", - "hyper-util", - "pin-project-lite", - "rustls 0.21.12", - "rustls-pemfile", - "tokio", - "tokio-rustls 0.24.1", - "tower 0.4.13", - "tower-service", -] - [[package]] name = "axum-server" version = "0.7.1" @@ -317,24 +294,25 @@ dependencies = [ "rustls-pemfile", "rustls-pki-types", "tokio", - "tokio-rustls 0.26.0", + "tokio-rustls", "tower 0.4.13", "tower-service", ] [[package]] name = "axum-server-dual-protocol" -version = "0.6.0" +version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7ea4cd08ae2a5f075d28fa31190163c8106a1d2d3189442494bae22b39040a0d" +checksum = "2164551db024e87f20316d164eab9f5ad342d8188b08051ceb15ca92a60ea7b7" dependencies = [ - "axum-server 0.6.0", + "axum-server", "bytes", "http", "http-body-util", "pin-project", + "rustls 0.23.12", "tokio", - "tokio-rustls 0.24.1", + "tokio-rustls", "tokio-util", "tower-layer", "tower-service", @@ -500,9 +478,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.1.11" +version = "1.1.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5fb8dd288a69fc53a1996d7ecfbf4a20d59065bff137ce7e56bbd620de191189" +checksum = "68064e60dbf1f17005c2fde4d07c16d8baa506fd7ffed8ccab702d93617975c7" dependencies = [ "jobserver", "libc", 
@@ -561,9 +539,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.15" +version = "4.5.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "11d8838454fda655dafd3accb2b6e2bea645b9e4078abe84a22ceb947235c5cc" +checksum = "ed6719fffa43d0d87e5fd8caeab59be1554fb028cd30edc88fc4369b17971019" dependencies = [ "clap_builder", "clap_derive", @@ -599,9 +577,9 @@ checksum = "1462739cb27611015575c0c11df5df7601141071f07518d56fcc1be504cbec97" [[package]] name = "cmake" -version = "0.1.50" +version = "0.1.51" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a31c789563b815f77f4250caee12365734369f942439b7defd71e18a48197130" +checksum = "fb1e43aa7fd152b1f968787f7dbcdeb306d1867ff373c69955211876c053f91a" dependencies = [ "cc", ] @@ -769,7 +747,7 @@ version = "0.4.6" dependencies = [ "axum", "axum-client-ip", - "axum-server 0.7.1", + "axum-server", "axum-server-dual-protocol", "bytes", "conduit_admin", @@ -1715,7 +1693,7 @@ dependencies = [ "rustls-native-certs", "rustls-pki-types", "tokio", - "tokio-rustls 0.26.0", + "tokio-rustls", "tower-service", "webpki-roots", ] @@ -1997,9 +1975,9 @@ checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" [[package]] name = "libc" -version = "0.2.155" +version = "0.2.156" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" +checksum = "a5f43f184355eefb8d17fc948dbecf6c13be3c141f20d834ae842193a448c72a" [[package]] name = "libloading" @@ -2940,7 +2918,7 @@ dependencies = [ "serde_urlencoded", "sync_wrapper 1.0.1", "tokio", - "tokio-rustls 0.26.0", + "tokio-rustls", "tokio-socks", "tokio-util", "tower-service", 
@@ -2980,7 +2958,7 @@ dependencies = [ [[package]] name = "ruma" version = "0.10.1" -source = "git+https://github.com/girlbossceo/ruwuma?rev=40bf9965ac30118d2f85547f2ce6b7463025841a#40bf9965ac30118d2f85547f2ce6b7463025841a" +source = "git+https://github.com/girlbossceo/ruwuma?rev=d23a8412bd8f875cf81bbd7e20cefa03263fcd0e#d23a8412bd8f875cf81bbd7e20cefa03263fcd0e" dependencies = [ "assign", "js_int", @@ -3002,7 +2980,7 @@ dependencies = [ [[package]] name = "ruma-appservice-api" version = "0.10.0" -source = "git+https://github.com/girlbossceo/ruwuma?rev=40bf9965ac30118d2f85547f2ce6b7463025841a#40bf9965ac30118d2f85547f2ce6b7463025841a" +source = "git+https://github.com/girlbossceo/ruwuma?rev=d23a8412bd8f875cf81bbd7e20cefa03263fcd0e#d23a8412bd8f875cf81bbd7e20cefa03263fcd0e" dependencies = [ "js_int", "ruma-common", @@ -3014,7 +2992,7 @@ dependencies = [ [[package]] name = "ruma-client-api" version = "0.18.0" -source = "git+https://github.com/girlbossceo/ruwuma?rev=40bf9965ac30118d2f85547f2ce6b7463025841a#40bf9965ac30118d2f85547f2ce6b7463025841a" +source = "git+https://github.com/girlbossceo/ruwuma?rev=d23a8412bd8f875cf81bbd7e20cefa03263fcd0e#d23a8412bd8f875cf81bbd7e20cefa03263fcd0e" dependencies = [ "as_variant", "assign", @@ -3037,7 +3015,7 @@ dependencies = [ [[package]] name = "ruma-common" version = "0.13.0" -source = "git+https://github.com/girlbossceo/ruwuma?rev=40bf9965ac30118d2f85547f2ce6b7463025841a#40bf9965ac30118d2f85547f2ce6b7463025841a" +source = "git+https://github.com/girlbossceo/ruwuma?rev=d23a8412bd8f875cf81bbd7e20cefa03263fcd0e#d23a8412bd8f875cf81bbd7e20cefa03263fcd0e" dependencies = [ "as_variant", "base64 0.22.1", 
@@ -3067,7 +3045,7 @@ dependencies = [ [[package]] name = "ruma-events" version = "0.28.1" -source = "git+https://github.com/girlbossceo/ruwuma?rev=40bf9965ac30118d2f85547f2ce6b7463025841a#40bf9965ac30118d2f85547f2ce6b7463025841a" +source = "git+https://github.com/girlbossceo/ruwuma?rev=d23a8412bd8f875cf81bbd7e20cefa03263fcd0e#d23a8412bd8f875cf81bbd7e20cefa03263fcd0e" dependencies = [ "as_variant", "indexmap 2.4.0", @@ -3084,15 +3062,22 @@ dependencies = [ "thiserror", "tracing", "url", + "web-time 1.1.0", "wildmatch", ] [[package]] name = "ruma-federation-api" version = "0.9.0" -source = "git+https://github.com/girlbossceo/ruwuma?rev=40bf9965ac30118d2f85547f2ce6b7463025841a#40bf9965ac30118d2f85547f2ce6b7463025841a" +source = "git+https://github.com/girlbossceo/ruwuma?rev=d23a8412bd8f875cf81bbd7e20cefa03263fcd0e#d23a8412bd8f875cf81bbd7e20cefa03263fcd0e" dependencies = [ + "bytes", + "http", + "httparse", "js_int", + "memchr", + "mime", + "rand", "ruma-common", "ruma-events", "serde", @@ -3102,7 +3087,7 @@ dependencies = [ [[package]] name = "ruma-identifiers-validation" version = "0.9.5" -source = "git+https://github.com/girlbossceo/ruwuma?rev=40bf9965ac30118d2f85547f2ce6b7463025841a#40bf9965ac30118d2f85547f2ce6b7463025841a" +source = "git+https://github.com/girlbossceo/ruwuma?rev=d23a8412bd8f875cf81bbd7e20cefa03263fcd0e#d23a8412bd8f875cf81bbd7e20cefa03263fcd0e" dependencies = [ "js_int", "thiserror", @@ -3111,7 +3096,7 @@ dependencies = [ [[package]] name = "ruma-identity-service-api" version = "0.9.0" -source = "git+https://github.com/girlbossceo/ruwuma?rev=40bf9965ac30118d2f85547f2ce6b7463025841a#40bf9965ac30118d2f85547f2ce6b7463025841a" +source = "git+https://github.com/girlbossceo/ruwuma?rev=d23a8412bd8f875cf81bbd7e20cefa03263fcd0e#d23a8412bd8f875cf81bbd7e20cefa03263fcd0e" dependencies = [ "js_int", "ruma-common", 
@@ -3121,7 +3106,7 @@ dependencies = [ [[package]] name = "ruma-macros" version = "0.13.0" -source = "git+https://github.com/girlbossceo/ruwuma?rev=40bf9965ac30118d2f85547f2ce6b7463025841a#40bf9965ac30118d2f85547f2ce6b7463025841a" +source = "git+https://github.com/girlbossceo/ruwuma?rev=d23a8412bd8f875cf81bbd7e20cefa03263fcd0e#d23a8412bd8f875cf81bbd7e20cefa03263fcd0e" dependencies = [ "once_cell", "proc-macro-crate", @@ -3136,7 +3121,7 @@ dependencies = [ [[package]] name = "ruma-push-gateway-api" version = "0.9.0" -source = "git+https://github.com/girlbossceo/ruwuma?rev=40bf9965ac30118d2f85547f2ce6b7463025841a#40bf9965ac30118d2f85547f2ce6b7463025841a" +source = "git+https://github.com/girlbossceo/ruwuma?rev=d23a8412bd8f875cf81bbd7e20cefa03263fcd0e#d23a8412bd8f875cf81bbd7e20cefa03263fcd0e" dependencies = [ "js_int", "ruma-common", @@ -3148,7 +3133,7 @@ dependencies = [ [[package]] name = "ruma-server-util" version = "0.3.0" -source = "git+https://github.com/girlbossceo/ruwuma?rev=40bf9965ac30118d2f85547f2ce6b7463025841a#40bf9965ac30118d2f85547f2ce6b7463025841a" +source = "git+https://github.com/girlbossceo/ruwuma?rev=d23a8412bd8f875cf81bbd7e20cefa03263fcd0e#d23a8412bd8f875cf81bbd7e20cefa03263fcd0e" dependencies = [ "headers", "http", @@ -3161,7 +3146,7 @@ dependencies = [ [[package]] name = "ruma-signatures" version = "0.15.0" -source = "git+https://github.com/girlbossceo/ruwuma?rev=40bf9965ac30118d2f85547f2ce6b7463025841a#40bf9965ac30118d2f85547f2ce6b7463025841a" +source = "git+https://github.com/girlbossceo/ruwuma?rev=d23a8412bd8f875cf81bbd7e20cefa03263fcd0e#d23a8412bd8f875cf81bbd7e20cefa03263fcd0e" dependencies = [ "base64 0.22.1", "ed25519-dalek", 
@@ -3177,7 +3162,7 @@ dependencies = [ [[package]] name = "ruma-state-res" version = "0.11.0" -source = "git+https://github.com/girlbossceo/ruwuma?rev=40bf9965ac30118d2f85547f2ce6b7463025841a#40bf9965ac30118d2f85547f2ce6b7463025841a" +source = "git+https://github.com/girlbossceo/ruwuma?rev=d23a8412bd8f875cf81bbd7e20cefa03263fcd0e#d23a8412bd8f875cf81bbd7e20cefa03263fcd0e" dependencies = [ "itertools 0.12.1", "js_int", @@ -3263,18 +3248,6 @@ dependencies = [ "windows-sys 0.52.0", ] -[[package]] -name = "rustls" -version = "0.21.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3f56a14d1f48b391359b22f731fd4bd7e43c97f3c50eee276f3aa09c94784d3e" -dependencies = [ - "log", - "ring", - "rustls-webpki 0.101.7", - "sct", -] - [[package]] name = "rustls" version = "0.22.4" @@ -3284,7 +3257,7 @@ dependencies = [ "log", "ring", "rustls-pki-types", - "rustls-webpki 0.102.6", + "rustls-webpki", "subtle", "zeroize", ] @@ -3300,7 +3273,7 @@ dependencies = [ "once_cell", "ring", "rustls-pki-types", - "rustls-webpki 0.102.6", + "rustls-webpki", "subtle", "zeroize", ] @@ -3334,16 +3307,6 @@ version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fc0a2ce646f8655401bb81e7927b812614bd5d91dbc968696be50603510fcaf0" -[[package]] -name = "rustls-webpki" -version = "0.101.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" -dependencies = [ - "ring", - "untrusted", -] - [[package]] name = "rustls-webpki" version = "0.102.6" 
@@ -3408,16 +3371,6 @@ version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" -[[package]] -name = "sct" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" -dependencies = [ - "ring", - "untrusted", -] - [[package]] name = "sd-notify" version = "0.4.2" @@ -3590,18 +3543,18 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.207" +version = "1.0.208" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5665e14a49a4ea1b91029ba7d3bca9f299e1f7cfa194388ccc20f14743e784f2" +checksum = "cff085d2cb684faa248efb494c39b68e522822ac0de72ccf08109abde717cfb2" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.207" +version = "1.0.208" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6aea2634c86b0e8ef2cfdc0c340baede54ec27b1e46febd7f80dffb2aa44a00e" +checksum = "24008e81ff7613ed8e5ba0cfaf24e2c2f1e5b8a0495711e44fcd4882fca62bcf" dependencies = [ "proc-macro2", "quote", @@ -3623,9 +3576,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.124" +version = "1.0.125" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "66ad62847a56b3dba58cc891acd13884b9c61138d330c0d7b6181713d4fce38d" +checksum = "83c8e735a073ccf5be70aa8066aa984eaf2fa000db6c8d0100ae605b366d31ed" dependencies = [ "itoa", "memchr", @@ -4127,16 +4080,6 @@ dependencies = [ "tokio-stream", ] -[[package]] -name = "tokio-rustls" -version = "0.24.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" -dependencies = [ - "rustls 0.21.12", - "tokio", -] - [[package]] name = "tokio-rustls" version = "0.26.0" diff --git a/Cargo.toml b/Cargo.toml index 0a242c51..2826c440 100644 
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -103,6 +103,10 @@ version = "0.7.1"
 default-features = false
 features = ["tls-rustls"]
+# to listen on both HTTP and HTTPS if listening on TLS dierctly from conduwuit for complement or sytest
+[workspace.dependencies.axum-server-dual-protocol]
+version = "0.7"
+
 [workspace.dependencies.axum-client-ip]
 version = "0.6.0"
@@ -307,7 +311,7 @@ version = "0.1.2"
 [workspace.dependencies.ruma]
 git = "https://github.com/girlbossceo/ruwuma"
 #branch = "conduwuit-changes"
-rev = "40bf9965ac30118d2f85547f2ce6b7463025841a"
+rev = "d23a8412bd8f875cf81bbd7e20cefa03263fcd0e"
 features = [
 "compat",
 "rand",
@@ -347,10 +351,6 @@ features = [
 "bzip2",
 ]
-# to listen on both HTTP and HTTPS if listening on TLS dierctly from conduwuit for complement or sytest
-[workspace.dependencies.axum-server-dual-protocol]
-version = "0.6"
-
 # optional SHA256 media keys feature
 [workspace.dependencies.sha2]
 version = "0.10.8"
diff --git a/src/core/config/mod.rs b/src/core/config/mod.rs
index edca607e..8d6a32c6 100644
--- a/src/core/config/mod.rs
+++ b/src/core/config/mod.rs
@@ -368,8 +368,6 @@ pub struct TlsConfig {
 pub key: String,
 #[serde(default)]
 /// Whether to listen and allow for HTTP and HTTPS connections (insecure!)
- /// Only works / does something if the `axum_dual_protocol` feature flag was
- /// built
 pub dual_protocol: bool,
 }
diff --git a/src/main/Cargo.toml b/src/main/Cargo.toml
index 8dc2a34d..c002c125 100644
--- a/src/main/Cargo.toml
+++ b/src/main/Cargo.toml
@@ -48,9 +48,6 @@ default = [
 "zstd_compression",
 ]
-axum_dual_protocol = [
- "conduit-router/axum_dual_protocol",
-]
 brotli_compression = [
 "conduit-api/brotli_compression",
 "conduit-core/brotli_compression",
diff --git a/src/router/Cargo.toml b/src/router/Cargo.toml
index 38e6adc7..52535ecf 100644
--- a/src/router/Cargo.toml
+++ b/src/router/Cargo.toml
@@ -41,13 +41,9 @@ brotli_compression = [
 systemd = [
 "dep:sd-notify",
 ]
-axum_dual_protocol = [
- "dep:axum-server-dual-protocol"
-]
 [dependencies]
 axum-client-ip.workspace = true
-axum-server-dual-protocol.optional = true
 axum-server-dual-protocol.workspace = true
 axum-server.workspace = true
 axum.workspace = true
diff --git a/src/router/layers.rs b/src/router/layers.rs
index 2567fe08..0dbf049f 100644
--- a/src/router/layers.rs
+++ b/src/router/layers.rs
@@ -16,9 +16,9 @@ use tower::ServiceBuilder;
 use tower_http::{
 catch_panic::CatchPanicLayer,
 cors::{self, CorsLayer},
+ sensitive_headers::SetSensitiveHeadersLayer,
 set_header::SetResponseHeaderLayer,
 trace::{DefaultOnFailure, DefaultOnRequest, DefaultOnResponse, TraceLayer},
- ServiceBuilderExt as _,
 };
 use tracing::Level;
@@ -47,7 +47,7 @@ pub(crate) fn build(services: &Arc) -> Result<(Router, Guard)> {
 let layers = layers.layer(compression_layer(server));
 let layers = layers
- .sensitive_headers([header::AUTHORIZATION])
+ .layer(SetSensitiveHeadersLayer::new([header::AUTHORIZATION]))
 .layer(axum::middleware::from_fn_with_state(Arc::clone(services), request::spawn))
 .layer(
 TraceLayer::new_for_http()
diff --git a/src/router/serve/tls.rs b/src/router/serve/tls.rs
index 6f58ce82..109e14d8 100644
--- a/src/router/serve/tls.rs
+++ b/src/router/serve/tls.rs
@@ -1,9 +1,11 @@
 use std::{net::SocketAddr, sync::Arc};
 use axum::Router;
-use axum_server::{bind_rustls, tls_rustls::RustlsConfig, Handle as ServerHandle};
-#[cfg(feature = "axum_dual_protocol")]
-use axum_server_dual_protocol::ServerExt;
+use axum_server::Handle as ServerHandle;
+use axum_server_dual_protocol::{
+ axum_server::{bind_rustls, tls_rustls::RustlsConfig},
+ ServerExt,
+};
 use conduit::{Result, Server};
 use tokio::task::JoinSet;
 use tracing::{debug, info, warn};
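Review bot: In src/router/layers.rs the new `.layer(SetSensitiveHeadersLayer::new([header::AUTHORIZATION]))` line carries no hint that its position matters. Assuming `layers` is a tower `ServiceBuilder` (where the first layer added is the outermost), it has to stay ahead of the `TraceLayer::new_for_http()` call so that `Authorization` is already flagged as sensitive when the request is traced; a comment such as `// keep above TraceLayer: marks Authorization sensitive before requests are traced` would protect that ordering against later reshuffles. Marking a header sensitive does not cover credentials carried in the request URI, so if the trace configuration further down (outside this hunk) records the URI, an access token sent as a query parameter would still end up in the logs. `build`'s body starts and ends outside the hunk.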
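Review bot: In src/router/serve/tls.rs `Handle` is still imported from the workspace's `axum_server`, while `bind_rustls` and `RustlsConfig` now come from the copy re-exported by `axum_server_dual_protocol`. That only type-checks, and only keeps the TLS listener on the release pinned in the workspace manifest, while both paths resolve to the same `axum-server` version, as the lockfile in this commit suggests they currently do. Either take all three from one path, e.g. `use axum_server::{bind_rustls, tls_rustls::RustlsConfig, Handle as ServerHandle};`, or add a comment such as `// re-export used so the listener matches axum-server-dual-protocol's axum-server version` stating why the re-export is preferred.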
@@ -13,27 +15,18 @@ pub(super) async fn serve(
 ) -> Result<()> {
 let config = &server.config;
 let tls = config.tls.as_ref().expect("TLS configuration");
+ let certs = &tls.certs;
+ let key = &tls.key;
- debug!(
- "Using direct TLS. Certificate path {} and certificate private key path {}",
- &tls.certs, &tls.key
- );
+ debug!("Using direct TLS. Certificate path {certs} and certificate private key path {key}",);
 info!(
 "Note: It is strongly recommended that you use a reverse proxy instead of running conduwuit directly with TLS."
 );
- let conf = RustlsConfig::from_pem_file(&tls.certs, &tls.key).await?;
-
- if cfg!(feature = "axum_dual_protocol") {
- info!(
- "conduwuit was built with axum_dual_protocol feature to listen on both HTTP and HTTPS. This will only \
- take effect if `dual_protocol` is enabled in `[global.tls]`"
- );
- }
+ let conf = RustlsConfig::from_pem_file(certs, key).await?;
 let mut join_set = JoinSet::new();
 let app = app.into_make_service_with_connect_info::();
- if cfg!(feature = "axum_dual_protocol") && tls.dual_protocol {
- #[cfg(feature = "axum_dual_protocol")]
+ if tls.dual_protocol {
 for addr in &addrs {
 join_set.spawn_on(
 axum_server_dual_protocol::bind_dual_protocol(*addr, conf.clone())
@@ -54,13 +47,13 @@ pub(super) async fn serve(
 }
 }
- if cfg!(feature = "axum_dual_protocol") && tls.dual_protocol {
+ if tls.dual_protocol {
 warn!(
- "Listening on {:?} with TLS certificate {} and supporting plain text (HTTP) connections too (insecure!)",
- addrs, &tls.certs
+ "Listening on {addrs:?} with TLS certificate {certs} and supporting plain text (HTTP) connections too \
+ (insecure!)",
 );
 } else {
- info!("Listening on {addrs:?} with TLS certificate {certs}");
- info!("Listening on {:?} with TLS certificate {}", addrs, &tls.certs);
 }
 while join_set.join_next().await.is_some() {}
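Review bot: With the `cfg!(feature = "axum_dual_protocol")` guard gone, `if tls.dual_protocol {` is the only thing that keeps any build from also accepting cleartext HTTP on the TLS listener, yet the operator is told so only by the `warn!` in the later hunk (`@@ -54,13 +47,13 @@`), after the listeners have been spawned. I would emit that warning before the bind loop and put a comment on the branch, e.g. `// dual_protocol also serves cleartext HTTP on the same socket, so access tokens are exposed in transit; meant for complement/sytest only`, matching the dependency comment in Cargo.toml. The one-line doc on `dual_protocol` in src/core/config/mod.rs would benefit from the same wording now that no build flag stands in front of it. `serve` starts before this hunk and the `bind_dual_protocol(...)` call chain continues past its last line.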