diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6f10b48f..379c3dd5 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,7 @@
 ### Improvement
 - Refactor: lots of minor improvements
+- Change the certificate verifier from `rustls-native-certs` to `rustls-platform-verifier` to use the system's default root cert store for better client (forwarder) performance in `hyper-rustls`.
 
 ## 0.7.1
diff --git a/Cargo.toml b/Cargo.toml
index 1c86d59c..fbd57710 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,5 +1,5 @@
 [workspace.package]
-version = "0.8.0-alpha.0"
+version = "0.8.0-alpha.1"
 authors = ["Jun Kurihara"]
 homepage = "https://github.com/junkurihara/rust-rpxy"
 repository = "https://github.com/junkurihara/rust-rpxy"
diff --git a/rpxy-bin/Cargo.toml b/rpxy-bin/Cargo.toml
index ad604dcc..4e82e620 100644
--- a/rpxy-bin/Cargo.toml
+++ b/rpxy-bin/Cargo.toml
@@ -13,8 +13,8 @@ publish.workspace = true
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 [features]
-# default = ["http3-quinn", "cache", "rustls-backend"]
-default = ["http3-s2n", "cache", "rustls-backend"]
+default = ["http3-quinn", "cache", "rustls-backend"]
+# default = ["http3-s2n", "cache", "rustls-backend"]
 http3-quinn = ["rpxy-lib/http3-quinn"]
 http3-s2n = ["rpxy-lib/http3-s2n"]
 native-tls-backend = ["rpxy-lib/native-tls-backend"]
@@ -42,7 +42,7 @@ async-trait = "0.1.80"
 # config
-clap = { version = "4.5.4", features = ["std", "cargo", "wrap_help"] }
+clap = { version = "4.5.6", features = ["std", "cargo", "wrap_help"] }
 toml = { version = "0.8.14", default-features = false, features = ["parse"] }
 hot_reload = "0.1.5"
diff --git a/rpxy-lib/Cargo.toml b/rpxy-lib/Cargo.toml
index b4d9e3ab..759798aa 100644
--- a/rpxy-lib/Cargo.toml
+++ b/rpxy-lib/Cargo.toml
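Review bot: The `[features]` hunk of rpxy-bin/Cargo.toml flips the default from `http3-s2n` to `http3-quinn`, which changes the HTTP/3 stack a plain `cargo build` ships, yet the CHANGELOG entry in this commit records only the verifier change. The same default swap is made in rpxy-lib/Cargo.toml on the next line. A one-line entry under the same Improvement heading would make the user-visible default change traceable, e.g. `- Change the default HTTP/3 feature from http3-s2n to http3-quinn (rpxy-bin and rpxy-lib)`.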
@@ -13,8 +13,8 @@ publish.workspace = true
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 [features]
-default = ["http3-s2n", "sticky-cookie", "cache", "rustls-backend"]
-# default = ["http3-quinn", "sticky-cookie", "cache", "rustls-backend"]
+# default = ["http3-s2n", "sticky-cookie", "cache", "rustls-backend"]
+default = ["http3-quinn", "sticky-cookie", "cache", "rustls-backend"]
 http3-quinn = ["socket2", "quinn", "h3", "h3-quinn", "rpxy-certs/http3"]
 http3-s2n = [
 "h3",
@@ -64,11 +64,13 @@ hyper-tls = { version = "0.6.0", features = [
 "alpn",
 "vendored",
 ], optional = true }
-hyper-rustls = { version = "0.27.2", default-features = false, features = [
-"ring",
-"native-tokio",
+# TODO: Work around to enable rustls-platform-verifier feature: https://github.com/rustls/hyper-rustls/pull/276
+# hyper-rustls = { version = "0.27.2", default-features = false, features = [
+hyper-rustls = { git = "https://github.com/junkurihara/hyper-rustls", branch = "fix/builder-feature-platform-verifier", features = [
+"aws-lc-rs",
 "http1",
 "http2",
+"rustls-platform-verifier",
 ], optional = true }
 
 # tls and cert management for server
diff --git a/rpxy-lib/src/forwarder/client.rs b/rpxy-lib/src/forwarder/client.rs
index 9be7b005..c5bc39ab 100644
--- a/rpxy-lib/src/forwarder/client.rs
+++ b/rpxy-lib/src/forwarder/client.rs
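Review bot: `hyper-rustls` is now pulled from a personal fork by `branch` only, with no commit pin, so whatever the branch head is at the moment Cargo.lock is regenerated (a `cargo update`, a clone without the lockfile, or a downstream consumer of rpxy-lib) is what gets compiled into the TLS client; that is the supply-chain weak point of this hunk. Cargo rejects `branch` and `rev` together, so pin the fork by commit instead, `hyper-rustls = { git = "https://github.com/junkurihara/hyper-rustls", rev = "<commit-sha-of-the-fork-branch>", features = [ ... ] }`, and keep the TODO as the reminder to return to a crates.io release once upstream PR 276 lands. Separately, the feature list replaces `ring` with `aws-lc-rs`, which changes the crypto provider behind the forwarder's TLS and is not mentioned in the changelog line; if another crate in the workspace still enables rustls's `ring` feature, both providers are compiled in and, as far as I recall rustls 0.23 behaviour, the process must call `CryptoProvider::install_default()` before the first config builder or it panics at runtime — worth confirming against the rest of the workspace.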
@@ -212,21 +212,18 @@ where
 info!("Mozilla WebPKI root certs with rustls is used for the connection to backend applications");
 #[cfg(not(feature = "rustls-backend-webpki"))]
- let builder = hyper_rustls::HttpsConnectorBuilder::new().with_native_roots()?;
+ let builder = hyper_rustls::HttpsConnectorBuilder::new().with_platform_verifier();
 #[cfg(not(feature = "rustls-backend-webpki"))]
- let builder_h2 = hyper_rustls::HttpsConnectorBuilder::new().with_native_roots()?;
+ let builder_h2 = hyper_rustls::HttpsConnectorBuilder::new().with_platform_verifier();
 #[cfg(not(feature = "rustls-backend-webpki"))]
- info!("Native cert store with rustls is used for the connection to backend applications");
+ info!("Platform verifier with rustls is used for the connection to backend applications");
 let mut http = HttpConnector::new();
 http.enforce_http(false);
 http.set_reuse_address(true);
 http.set_keepalive(Some(_globals.proxy_config.upstream_idle_timeout));
- let connector = builder
- .https_or_http()
- .enable_all_versions()
- .wrap_connector(http.clone());
+ let connector = builder.https_or_http().enable_all_versions().wrap_connector(http.clone());
 let connector_h2 = builder_h2.https_or_http().enable_http2().wrap_connector(http);
 let inner = Client::builder(LocalExecutor::new(_globals.runtime_handle.clone())).build::<_, B1>(connector);
 let inner_h2 = Client::builder(LocalExecutor::new(_globals.runtime_handle.clone())).build::<_, B1>(connector_h2);
@@ -243,10 +240,7 @@ where
 #[cfg(feature = "cache")]
 /// Build synthetic request to cache
 fn build_synth_req_for_cache(req: &Request) -> Request<()> {
- let mut builder = Request::builder()
- .method(req.method())
- .uri(req.uri())
- .version(req.version());
+ let mut builder = Request::builder().method(req.method()).uri(req.uri()).version(req.version());
 // TODO: omit extensions. is this approach correct?
 for (header_key, header_value) in req.headers() {
 builder = builder.header(header_key, header_value);
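Review bot: Replacing `with_native_roots()?` with the infallible `with_platform_verifier()` removes the one place where a missing or unloadable root store used to fail client construction; with the platform verifier, a broken system trust store presumably only shows up later as handshake failures on individual upstream connections, so that shift deserves a note at this site, e.g. `// NOTE: the platform verifier is built infallibly here; root-store problems surface per connection, not at startup`. `builder` and `builder_h2` each construct their own verifier, so if the verifier loads the native store eagerly on this platform it is loaded twice; building one rustls `ClientConfig` and passing a clone to both via `with_tls_config` would also guarantee `connector` and `connector_h2` share an identical trust configuration. The enclosing function starts and ends outside this hunk.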