diff --git a/Cargo.toml b/Cargo.toml
index bc9bf1638..002de45d2 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -40,7 +40,7 @@ tower-service = "0.3"
 tokio-tungstenite = { version = "0.18", optional = true }
 percent-encoding = "2.1"
 pin-project = "1.0"
-tokio-rustls = { version = "0.23", optional = true }
+tokio-rustls = { version = "0.24", optional = true }
 rustls-pemfile = "1.0"
 
 [dev-dependencies]
diff --git a/src/tls.rs b/src/tls.rs
index 1f81a6bd2..96b6ed74e 100644
--- a/src/tls.rs
+++ b/src/tls.rs
@@ -221,18 +221,19 @@ impl TlsConfigBuilder {
         }
 
         let client_auth = match self.client_auth {
-            TlsClientAuth::Off => NoClientAuth::new(),
+            TlsClientAuth::Off => NoClientAuth::boxed(),
             TlsClientAuth::Optional(trust_anchor) => {
                 AllowAnyAnonymousOrAuthenticatedClient::new(read_trust_anchor(trust_anchor)?)
+                    .boxed()
             }
             TlsClientAuth::Required(trust_anchor) => {
-                AllowAnyAuthenticatedClient::new(read_trust_anchor(trust_anchor)?)
+                AllowAnyAuthenticatedClient::new(read_trust_anchor(trust_anchor)?).boxed()
             }
         };
 
         let mut config = ServerConfig::builder()
             .with_safe_defaults()
-            .with_client_cert_verifier(client_auth.into())
+            .with_client_cert_verifier(client_auth)
             .with_single_cert_with_ocsp_and_sct(cert, key, self.ocsp_resp, Vec::new())
             .map_err(TlsConfigError::InvalidKey)?;
         config.alpn_protocols = vec!["h2".into(), "http/1.1".into()];