diff --git a/Cargo.lock b/Cargo.lock index ddf4cc1..f1c0778 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -308,6 +308,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" dependencies = [ "block-buffer", + "const-oid", "crypto-common", "subtle", ] @@ -321,6 +322,19 @@ dependencies = [ "litrs", ] +[[package]] +name = "ecdsa" +version = "0.16.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" +dependencies = [ + "der", + "digest", + "elliptic-curve", + "rfc6979", + "signature", +] + [[package]] name = "elliptic-curve" version = "0.13.8" @@ -559,12 +573,12 @@ dependencies = [ [[package]] name = "embedded-tls" version = "0.17.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a6efb76fdd004a4ef787640177237b83449e6c5847765ea50bf15900061fd601" +source = "git+https://github.com/drogue-iot/embedded-tls.git?rev=f788e02#f788e02deda787542a079cbddb5226af37aa818c" dependencies = [ "aes-gcm", "atomic-polyfill", "digest", + "ecdsa", "embedded-io", "embedded-io-adapters", "embedded-io-async", @@ -576,6 +590,7 @@ dependencies = [ "p256", "rand_core", "sha2", + "signature", "typenum", ] @@ -1290,8 +1305,10 @@ version = "0.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c9863ad85fa8f4460f9c48cb909d38a0d689dba1f6f6988a5e3e0d31071bcd4b" dependencies = [ + "ecdsa", "elliptic-curve", "primeorder", + "sha2", ] [[package]] 
@@ -1478,6 +1495,16 @@ version = "0.8.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "adad44e29e4c806119491a7f06f03de4d1af22c3a680dd47f1e6e179439d1f56" +[[package]] +name = "rfc6979" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" +dependencies = [ + "hmac", + "subtle", +] + [[package]] name = "rgb" version = "0.8.36"
@@ -1600,6 +1627,16 @@ dependencies = [ "digest", ] +[[package]] +name = "signature" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" +dependencies = [ + "digest", + "rand_core", +] + [[package]] name = "smart-leds" version = "0.4.0"
diff --git a/Cargo.toml b/Cargo.toml
index 2ef1773..6d62421 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -17,7 +17,7 @@ embassy-net = { version = "0.4.0", features = ["dhcpv4", "dhcpv4-hostname", "dns
 embassy-sync = { git = "https://github.com/embassy-rs/embassy.git", rev = "4b4777" }
 embassy-time = { version = "0.3.0" }
 embedded-io-async = "0.6.1"
-embedded-tls = { version = "0.17.0", default-features = false, features = ["embedded-io-adapters"] }
+embedded-tls = { git = "https://github.com/drogue-iot/embedded-tls.git", rev = "f788e02", default-features = false, features = ["embedded-io-adapters"] }
 esp-alloc = "0.3.0"
 esp-backtrace = { version = "0.11.0", features = ["esp32c3", "exception-handler", "panic-handler", "println"] }
 esp-hal = { version = "0.16.1", features = ["embassy", "embassy-time-timg0", "esp32c3"] }
diff --git a/src/mqtt.rs b/src/mqtt.rs
index b7ad187..caf5219 100644
--- a/src/mqtt.rs
+++ b/src/mqtt.rs
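Review bot: The new `embedded-tls` entry in Cargo.toml pins the git dependency with the abbreviated revision `rev = "f788e02"`, and a seven-character prefix is not guaranteed to stay unique in the upstream repository. Because the crates.io `checksum` line is gone from Cargo.lock for this package, the commit id is the only integrity anchor left for the TLS stack. Use the full hash the lock file already records, `rev = "f788e02deda787542a079cbddb5226af37aa818c"`. A comment above the entry, for example `# git pin: needs unreleased embedded-tls API (presumably UnsecureProvider / TLS_RECORD_OVERHEAD); return to a crates.io release when available`, would keep the pin from becoming permanent. Building with `--locked` keeps the resolved commit from drifting silently.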
@@ -3,7 +3,9 @@ use core::fmt::Debug;
 use embassy_net::tcp::TcpSocket;
 use embassy_net::{dns::Error as DnsError, tcp::ConnectError};
 use embassy_time::{with_timeout, Duration, Instant, TimeoutError, Timer};
-use embedded_tls::{Aes128GcmSha256, NoVerify, TlsConfig, TlsConnection, TlsContext, TlsError};
+use embedded_tls::{
+ Aes128GcmSha256, NoVerify, TlsConfig, TlsConnection, TlsContext, TlsError, UnsecureProvider, TLS_RECORD_OVERHEAD,
+};
 use esp_backtrace as _;
 use log::{debug, error, info};
 use rand::rngs::StdRng;
@@ -115,25 +117,32 @@ pub async fn send_message(
 if let (Some(user), Some(pass)) = (option_env!("MQTT_USER"), option_env!("MQTT_PASSWORD")) {
 mqtt_config.add_username(user);
 mqtt_config.add_password(pass);
- info!("{user}:{pass}");
+ debug!("{user}:{pass}");
 }
 // TLS layer
- const TLS_BUF_LEN: usize = 1 << 12;
+ const TLS_BUF_LEN: usize = (1 << 11) + TLS_RECORD_OVERHEAD;
 let mut tls_read_record_buffer = [0; TLS_BUF_LEN];
 let mut tls_write_record_buffer = [0; TLS_BUF_LEN];
 #[cfg(feature = "tls")]
 let tls = {
- let config = TlsConfig::new();
+ let mut config = TlsConfig::new();
+ #[cfg(feature = "tls-sni")]
+ config
+ .with_max_fragment_length(embedded_tls::MaxFragmentLength::Bits11)
+ .with_server_name(MQTT_SERVER_HOSTNAME);
 let mut tls = TlsConnection::new(
 socket,
 &mut tls_read_record_buffer,
 &mut tls_write_record_buffer,
 );
- tls.open::<_, NoVerify>(TlsContext::::new(&config, &mut rng))
- .await?;
+ tls.open(TlsContext::>::new(
+ &config,
+ UnsecureProvider::new(&mut rng),
+ ))
+ .await?;
 tls.flush().await?;
 tls
 };
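Review bot: `UnsecureProvider` is imported here next to `NoVerify`, and the `tls.open(...)` call in the second hunk builds its context from `UnsecureProvider::new(&mut rng)`; as far as this diff shows, nothing verifies the broker's certificate. The generic arguments of that call are not legible in this rendering, so the exact verifier type is inferred. If that reading is right, the session is encrypted but the peer is unauthenticated, and the MQTT username and password set a few lines earlier are presumably sent to whichever host answers the connection. If this is a deliberate constraint of the target, state it at the call site, e.g. `// NOTE: server certificate is NOT verified; TLS only protects against passive observers`; otherwise a verifying provider should be wired in before credentials are used.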
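Review bot: The MQTT username and password are still written to the log, since `debug!("{user}:{pass}");` only lowers the level and any build that enables debug logging will print the broker credentials. Log at most the username, e.g. `debug!("MQTT user: {user}");`, or drop the line. Separately, `TLS_BUF_LEN` is now sized for 2^11-byte fragments, but `with_max_fragment_length(...)` is requested only under `feature = "tls-sni"`. With `tls` alone the server may send full-size records that do not fit the buffers, so the fragment-length request probably belongs outside that cfg. The body of send_message starts and ends outside the hunk.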