diff --git a/.github/workflows/ci-post-merge.yml b/.github/workflows/ci-post-merge.yml
index 8103a742..88bbceb6 100644
--- a/.github/workflows/ci-post-merge.yml
+++ b/.github/workflows/ci-post-merge.yml
@@ -44,12 +44,12 @@ jobs:
 
       - name: Install OpenSSL
         if: matrix.target.os == 'windows-latest'
-        run: choco install openssl -y --forcex64 --no-progress
-      - name: Set OpenSSL dir in env
-        if: matrix.target.os == 'windows-latest'
+        shell: bash
         run: |
-          echo 'OPENSSL_DIR=C:\Program Files\OpenSSL-Win64' | Out-File -FilePath $env:GITHUB_ENV -Append
-          echo 'OPENSSL_DIR=C:\Program Files\OpenSSL' | Out-File -FilePath $env:GITHUB_ENV -Append
+          set -e
+          choco install openssl --version=1.1.1.2100 -y --no-progress
+          echo 'OPENSSL_DIR=C:\Program Files\OpenSSL' >> $GITHUB_ENV
+          echo "RUSTFLAGS=-C target-feature=+crt-static" >> $GITHUB_ENV
 
       - name: Install Rust (${{ matrix.version }})
         uses: actions-rust-lang/setup-rust-toolchain@v1.8.0
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f829d8b9..4f29e0b9 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -46,12 +46,12 @@ jobs:
 
       - name: Install OpenSSL
         if: matrix.target.os == 'windows-latest'
-        run: choco install openssl -y --forcex64 --no-progress
-      - name: Set OpenSSL dir in env
-        if: matrix.target.os == 'windows-latest'
+        shell: bash
         run: |
-          echo 'OPENSSL_DIR=C:\Program Files\OpenSSL-Win64' | Out-File -FilePath $env:GITHUB_ENV -Append
-          echo 'OPENSSL_DIR=C:\Program Files\OpenSSL' | Out-File -FilePath $env:GITHUB_ENV -Append
+          set -e
+          choco install openssl --version=1.1.1.2100 -y --no-progress
+          echo 'OPENSSL_DIR=C:\Program Files\OpenSSL' >> $GITHUB_ENV
+          echo "RUSTFLAGS=-C target-feature=+crt-static" >> $GITHUB_ENV
 
       - name: Install Rust (${{ matrix.version.name }})
         uses: actions-rust-lang/setup-rust-toolchain@v1.8.0
diff --git a/actix-tls/CHANGES.md b/actix-tls/CHANGES.md
index 8f7e8a3c..57932a30 100644
--- a/actix-tls/CHANGES.md
+++ b/actix-tls/CHANGES.md
@@ -2,6 +2,8 @@
 
 ## Unreleased
 
+## 3.3.0
+
 - Add `rustls-0_22` create feature which excludes any root certificate methods or re-exports.
 
 ## 3.2.0
diff --git a/actix-tls/Cargo.toml b/actix-tls/Cargo.toml
index f103d447..7078efeb 100755
--- a/actix-tls/Cargo.toml
+++ b/actix-tls/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "actix-tls"
-version = "3.2.0"
+version = "3.3.0"
 authors = [
     "Nikolay Kim <fafhrd91@gmail.com>",
     "Rob Ede <robjtede@icloud.com>",
diff --git a/actix-tls/README.md b/actix-tls/README.md
new file mode 100644
index 00000000..555a601b
--- /dev/null
+++ b/actix-tls/README.md
@@ -0,0 +1,21 @@
+# `actix-tls`
+
+> TLS acceptor and connector services for the Actix ecosystem.
+
+<!-- prettier-ignore-start -->
+
+[![crates.io](https://img.shields.io/crates/v/actix-tls?label=latest)](https://crates.io/crates/actix-tls)
+[![Documentation](https://docs.rs/actix-tls/badge.svg?version=3.3.0)](https://docs.rs/actix-tls/3.3.0)
+[![Version](https://img.shields.io/badge/rustc-1.52+-ab6000.svg)](https://blog.rust-lang.org/2021/05/06/Rust-1.52.0.html)
+![MIT or Apache 2.0 licensed](https://img.shields.io/crates/l/actix-tls.svg)
+<br />
+[![Dependency Status](https://deps.rs/crate/actix-tls/3.3.0/status.svg)](https://deps.rs/crate/actix-tls/3.3.0)
+![Download](https://img.shields.io/crates/d/actix-tls.svg)
+[![Chat on Discord](https://img.shields.io/discord/771444961383153695?label=chat&logo=discord)](https://discord.gg/NWpN5mmg3x)
+
+<!-- prettier-ignore-end -->
+
+## Resources
+
+- [Library Documentation](https://docs.rs/actix-tls)
+- [Examples](/actix-tls/examples)
diff --git a/actix-tls/src/connect/rustls_0_22.rs b/actix-tls/src/connect/rustls_0_22.rs
index bb6f5f83..c3e8b35d 100644
--- a/actix-tls/src/connect/rustls_0_22.rs
+++ b/actix-tls/src/connect/rustls_0_22.rs
@@ -16,9 +16,8 @@ use actix_utils::future::{ok, Ready};
 use futures_core::ready;
 use rustls_pki_types_1::ServerName;
 use tokio_rustls::{
-    client::TlsStream as AsyncTlsStream,
-    rustls::{ClientConfig, RootCertStore},
-    Connect as RustlsConnect, TlsConnector as RustlsTlsConnector,
+    client::TlsStream as AsyncTlsStream, rustls::ClientConfig, Connect as RustlsConnect,
+    TlsConnector as RustlsTlsConnector,
 };
 use tokio_rustls_025 as tokio_rustls;
 
@@ -36,8 +35,8 @@ pub mod reexports {
 ///
 /// See [`rustls_native_certs::load_native_certs()`] for more info on behavior and errors.
 #[cfg(feature = "rustls-0_22-native-roots")]
-pub fn native_roots_cert_store() -> io::Result<RootCertStore> {
-    let mut root_certs = RootCertStore::empty();
+pub fn native_roots_cert_store() -> io::Result<tokio_rustls::rustls::RootCertStore> {
+    let mut root_certs = tokio_rustls::rustls::RootCertStore::empty();
 
     for cert in rustls_native_certs_07::load_native_certs()? {
         root_certs.add(cert).unwrap();
@@ -48,8 +47,8 @@ pub fn native_roots_cert_store() -> io::Result<RootCertStore> {
 
 /// Returns standard root certificates from `webpki-roots` crate as a rustls certificate store.
 #[cfg(feature = "rustls-0_22-webpki-roots")]
-pub fn webpki_roots_cert_store() -> RootCertStore {
-    let mut root_certs = RootCertStore::empty();
+pub fn webpki_roots_cert_store() -> tokio_rustls::rustls::RootCertStore {
+    let mut root_certs = tokio_rustls::rustls::RootCertStore::empty();
     root_certs.extend(webpki_roots_026::TLS_SERVER_ROOTS.to_owned());
     root_certs
 }