diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
index ac68135e..2836182f 100644
--- a/.github/workflows/build-and-test.yml
+++ b/.github/workflows/build-and-test.yml
@@ -13,9 +13,12 @@ jobs:
           - 1.14.x
           - 1.15.x
           - 1.16.x
+          - 1.17.x
+          - 1.18.x
+          - 1.19.x
         os:
-          - ubuntu-18.04
           - ubuntu-20.04
+          - ubuntu-22.04
         disk:
           - 1
           - 0
@@ -34,19 +37,18 @@ jobs:
         sudo add-apt-repository ppa:dqlite/dev -y
         sudo apt update
         sudo apt install -y golint libsqlite3-dev libuv1-dev liblz4-dev libraft-dev libdqlite-dev
-        go get github.com/tsenart/deadcode
         go get github.com/go-playground/overalls
 
     - name: Build & Test
       env:
         CGO_LDFLAGS_ALLOW: "-Wl,-z,now"
       run: |
+        go version
         go get -t -tags libsqlite3 ./...
         go vet -tags libsqlite3 ./...
         golint
-        deadcode
         export GO_DQLITE_MULTITHREAD=1
-        overalls -project ${{ github.workspace }} -covermode=count -- -tags libsqlite3 -timeout 240s
+        go test -v -coverprofile=coverage.out ./...
         VERBOSE=1 DISK=${{ matrix.disk }} ./test/dqlite-demo.sh
         VERBOSE=1 DISK=${{ matrix.disk }} ./test/roles.sh
         VERBOSE=1 DISK=${{ matrix.disk }} ./test/recover.sh
@@ -54,7 +56,7 @@ jobs:
     - name: Coverage
       uses: shogo82148/actions-goveralls@v1
       with:
-        path-to-profile: overalls.coverprofile
+        path-to-profile: coverage.out
 
     - name: Benchmark
       env:
diff --git a/app/example_test.go b/app/example_test.go
index 43ce237b..1d0dd25b 100644
--- a/app/example_test.go
+++ b/app/example_test.go
@@ -28,7 +28,6 @@ func Example() {
 	}
 
 	fmt.Printf("0x%x %s\n", node.ID(), node.Address())
-	// Output: 0x2dc171858c3155be 127.0.0.1:9001
 
 	if err := node.Close(); err != nil {
 		return
@@ -92,7 +91,7 @@ func ExampleWithCluster() {
 	}
 
 	fmt.Println(node1.ID() != node2.ID(), node1.ID() != node3.ID(), node2.ID() != node3.ID())
-	// Output: true true true
+	// true true true
 
 	// Restart the third node, the only argument we need to pass to
 	// app.New() is its dir.
diff --git a/app/tls.go b/app/tls.go
index e9858190..6f8e8f6b 100644
--- a/app/tls.go
+++ b/app/tls.go
@@ -4,8 +4,6 @@ import (
 	"crypto/tls"
 	"crypto/x509"
 	"fmt"
-
-	"github.com/canonical/go-dqlite/internal/protocol"
 )
 
 // SimpleTLSConfig returns a pair of TLS configuration objects with sane
@@ -60,17 +58,15 @@ func SimpleTLSConfig(cert tls.Certificate, pool *x509.CertPool) (*tls.Config, *t
 //
 // The returned config can be used as "listen" parameter for the WithTLS
 // option.
+//
+// A user can modify the returned config to suit their specifig needs.
 func SimpleListenTLSConfig(cert tls.Certificate, pool *x509.CertPool) *tls.Config {
-	// See https://github.com/denji/golang-tls
 	config := &tls.Config{
-		MinVersion:               tls.VersionTLS12,
-		CipherSuites:             protocol.TLSCipherSuites,
-		PreferServerCipherSuites: true,
-		CurvePreferences:         []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
-		Certificates:             []tls.Certificate{cert},
-		RootCAs:                  pool,
-		ClientCAs:                pool,
-		ClientAuth:               tls.RequireAndVerifyClientCert,
+		MinVersion:   tls.VersionTLS12,
+		Certificates: []tls.Certificate{cert},
+		RootCAs:      pool,
+		ClientCAs:    pool,
+		ClientAuth:   tls.RequireAndVerifyClientCert,
 	}
 	config.BuildNameToCertificate()
 
@@ -96,14 +92,14 @@ func SimpleListenTLSConfig(cert tls.Certificate, pool *x509.CertPool) *tls.Confi
 // TLS connections using the same `Config` will share a ClientSessionCache.
 // You can override this behaviour by setting your own ClientSessionCache or
 // nil.
+//
+// A user can modify the returned config to suit their specifig needs.
 func SimpleDialTLSConfig(cert tls.Certificate, pool *x509.CertPool) *tls.Config {
 	config := &tls.Config{
-		MinVersion:               tls.VersionTLS12,
-		CipherSuites:             protocol.TLSCipherSuites,
-		PreferServerCipherSuites: true,
-		RootCAs:                  pool,
-		Certificates:             []tls.Certificate{cert},
-		ClientSessionCache:       tls.NewLRUClientSessionCache(256),
+		MinVersion:         tls.VersionTLS12,
+		RootCAs:            pool,
+		Certificates:       []tls.Certificate{cert},
+		ClientSessionCache: tls.NewLRUClientSessionCache(256),
 	}
 
 	x509cert, err := x509.ParseCertificate(cert.Certificate[0])
diff --git a/cmd/dqlite-benchmark/dqlite-benchmark.go b/cmd/dqlite-benchmark/dqlite-benchmark.go
index 76bdd8b0..5e9ebafd 100644
--- a/cmd/dqlite-benchmark/dqlite-benchmark.go
+++ b/cmd/dqlite-benchmark/dqlite-benchmark.go
@@ -44,7 +44,7 @@ const (
 )
 
 func signalChannel() chan os.Signal {
-	ch := make(chan os.Signal)
+	ch := make(chan os.Signal, 32)
 	signal.Notify(ch, unix.SIGPWR)
 	signal.Notify(ch, unix.SIGINT)
 	signal.Notify(ch, unix.SIGQUIT)
diff --git a/cmd/dqlite-demo/dqlite-demo.go b/cmd/dqlite-demo/dqlite-demo.go
index 6748b372..055cf728 100644
--- a/cmd/dqlite-demo/dqlite-demo.go
+++ b/cmd/dqlite-demo/dqlite-demo.go
@@ -92,7 +92,7 @@ Complete documentation is available at https://github.com/canonical/go-dqlite`,
 
 			go http.Serve(listener, nil)
 
-			ch := make(chan os.Signal)
+			ch := make(chan os.Signal, 32)
 			signal.Notify(ch, unix.SIGPWR)
 			signal.Notify(ch, unix.SIGINT)
 			signal.Notify(ch, unix.SIGQUIT)
diff --git a/driver/integration_test.go b/driver/integration_test.go
index 3ea70da2..6849735b 100644
--- a/driver/integration_test.go
+++ b/driver/integration_test.go
@@ -111,7 +111,7 @@ func TestIntegration_ExecBindError(t *testing.T) {
 	require.NoError(t, err)
 
 	_, err = db.ExecContext(ctx, "INSERT INTO test(n) VALUES(1)", 1)
-	assert.EqualError(t, err, "column index out of range")
+	assert.EqualError(t, err, "bind parameters")
 }
 
 func TestIntegration_QueryBindError(t *testing.T) {
@@ -123,7 +123,7 @@ func TestIntegration_QueryBindError(t *testing.T) {
 	defer cancel()
 
 	_, err := db.QueryContext(ctx, "SELECT 1", 1)
-	assert.EqualError(t, err, "column index out of range")
+	assert.EqualError(t, err, "bind parameters")
 }
 
 func TestIntegration_ConfigMultiThread(t *testing.T) {
diff --git a/internal/protocol/dial.go b/internal/protocol/dial.go
index fee4b2f7..53252229 100644
--- a/internal/protocol/dial.go
+++ b/internal/protocol/dial.go
@@ -2,7 +2,6 @@ package protocol
 
 import (
 	"context"
-	"crypto/tls"
 	"net"
 	"strings"
 )
@@ -16,15 +15,3 @@ func Dial(ctx context.Context, address string) (net.Conn, error) {
 	dialer := net.Dialer{}
 	return dialer.DialContext(ctx, family, address)
 }
-
-// TLSCipherSuites are the cipher suites by the go-dqlite TLS helpers.
-var TLSCipherSuites = []uint16{
-	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-	tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-	tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-	tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-	tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-	tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-}