diff --git a/dc/s2n-quic-dc/Cargo.toml b/dc/s2n-quic-dc/Cargo.toml
index 1f592ad00..920d982ad 100644
--- a/dc/s2n-quic-dc/Cargo.toml
+++ b/dc/s2n-quic-dc/Cargo.toml
@@ -31,8 +31,8 @@ libc = "0.2"
 num-rational = { version = "0.4", default-features = false }
 once_cell = "1"
 pin-project-lite = "0.2"
-rand = { version = "0.8", features = ["small_rng"] }
-rand_chacha = "0.3"
+rand = { version = "0.9", features = ["small_rng"] }
+rand_chacha = "0.9"
 s2n-codec = { version = "=0.53.0", path = "../../common/s2n-codec", default-features = false }
 s2n-quic-core = { version = "=0.53.0", path = "../../quic/s2n-quic-core", default-features = false }
 s2n-quic-platform = { version = "=0.53.0", path = "../../quic/s2n-quic-platform" }
diff --git a/dc/s2n-quic-dc/src/path/secret/map/cleaner.rs b/dc/s2n-quic-dc/src/path/secret/map/cleaner.rs
index 1e645864b..b858c39cf 100644
--- a/dc/s2n-quic-dc/src/path/secret/map/cleaner.rs
+++ b/dc/s2n-quic-dc/src/path/secret/map/cleaner.rs
@@ -68,7 +68,7 @@ impl Cleaner {
                 let pause = if cfg!(test) {
                     60
                 } else {
-                    rand::thread_rng().gen_range(5..60)
+                    rand::rng().random_range(5..60)
                 };
                 std::thread::park_timeout(Duration::from_secs(pause));
 
diff --git a/dc/s2n-quic-dc/src/path/secret/map/entry.rs b/dc/s2n-quic-dc/src/path/secret/map/entry.rs
index 5492146ab..cb5ab70eb 100644
--- a/dc/s2n-quic-dc/src/path/secret/map/entry.rs
+++ b/dc/s2n-quic-dc/src/path/secret/map/entry.rs
@@ -257,7 +257,7 @@ impl Entry {
         // The goal of rescheduling is to avoid continuously re-handshaking for N (possibly stale)
         // peers every cleaner loop, instead we defer handshakes out again. This effectively acts
         // as a (slow) retry mechanism.
-        let delta = rand::thread_rng().gen_range(
+        let delta = rand::rng().random_range(
             std::cmp::min(rehandshake_period.as_secs(), 360)..rehandshake_period.as_secs(),
         ) as u32;
         // This can't practically overflow -- each time we add we push out the next add by at least
diff --git a/dc/s2n-quic-dc/src/path/secret/receiver/tests.rs b/dc/s2n-quic-dc/src/path/secret/receiver/tests.rs
index e2e689b73..b15d3e725 100644
--- a/dc/s2n-quic-dc/src/path/secret/receiver/tests.rs
+++ b/dc/s2n-quic-dc/src/path/secret/receiver/tests.rs
@@ -197,7 +197,7 @@ fn check_delayed_inner(seed: u64, delay: u16) {
         // explanation for what guarantees we're actually trying to provide here).
         if id % 128 != 0 {
             // ...until some random interval no more than WINDOW away.
-            let insert_before = rng.gen_range(id + 1 + delay..id + WINDOW as u64);
+            let insert_before = rng.random_range(id + 1 + delay..id + WINDOW as u64);
             buffered.push((std::cmp::Reverse(insert_before), id));
         } else {
             model.insert(id);
diff --git a/dc/s2n-quic-dc/src/random.rs b/dc/s2n-quic-dc/src/random.rs
index 198facda7..5d4d785bb 100644
--- a/dc/s2n-quic-dc/src/random.rs
+++ b/dc/s2n-quic-dc/src/random.rs
@@ -1,7 +1,7 @@
 // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
-use rand::{rngs::adapter::ReseedingRng, RngCore, SeedableRng};
+use rand::{rngs::ReseedingRng, RngCore};
 use rand_chacha::ChaChaCore;
 
 pub use s2n_quic_core::random::*;
@@ -25,12 +25,7 @@ impl RngCore for AwsLc {
 
     #[inline]
     fn fill_bytes(&mut self, dest: &mut [u8]) {
-        self.try_fill_bytes(dest).unwrap()
-    }
-
-    #[inline]
-    fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), rand::Error> {
-        aws_lc_rs::rand::fill(dest).map_err(rand::Error::new)
+        aws_lc_rs::rand::fill(dest).unwrap()
     }
 }
 
@@ -58,10 +53,8 @@ fn build_rng() -> ReseedingRng<ChaChaCore, AwsLc> {
     // This value is based on THREAD_RNG_RESEED_THRESHOLD from
     // [rand::rngs::thread.rs](https://github.com/rust-random/rand/blob/ef75e56cf5824d33c55622bf84a70ec6e22761ba/src/rngs/thread.rs#L39)
     const RESEED_THRESHOLD: u64 = 1024 * 64;
-
-    let prng = ChaChaCore::from_rng(AwsLc)
-        .unwrap_or_else(|err| panic!("could not initialize random generator: {err}"));
-    ReseedingRng::new(prng, RESEED_THRESHOLD, AwsLc)
+    ReseedingRng::<ChaChaCore, AwsLc>::new(RESEED_THRESHOLD, AwsLc)
+        .unwrap_or_else(|err| panic!("could not initialize random generator: {err}"))
 }
 
 impl Generator for Random {
diff --git a/quic/s2n-quic-qns/Cargo.toml b/quic/s2n-quic-qns/Cargo.toml
index 83999f25e..b905aba89 100644
--- a/quic/s2n-quic-qns/Cargo.toml
+++ b/quic/s2n-quic-qns/Cargo.toml
@@ -22,7 +22,7 @@ futures = "0.3"
 http = "1.0"
 humansize = "2"
 lru = "0.13"
-rand = "0.8"
+rand = "0.9"
 s2n-codec = { path = "../../common/s2n-codec" }
 s2n-quic-core = { path = "../s2n-quic-core", features = ["testing"] }
 s2n-quic-h3 = { path = "../s2n-quic-h3" }
diff --git a/quic/s2n-quic-qns/src/intercept.rs b/quic/s2n-quic-qns/src/intercept.rs
index 9f50ecd4a..9f9754422 100644
--- a/quic/s2n-quic-qns/src/intercept.rs
+++ b/quic/s2n-quic-qns/src/intercept.rs
@@ -2,7 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 
 use lru::LruCache;
-use rand::prelude::*;
+use rand::{Rng as _, RngCore};
 use s2n_codec::encoder::scatter;
 use s2n_quic_core::{
     event::api::Subject,
@@ -31,7 +31,7 @@ struct Random;
 
 impl havoc::Random for Random {
     fn fill(&mut self, bytes: &mut [u8]) {
-        thread_rng().fill_bytes(bytes);
+        rand::rng().fill_bytes(bytes);
     }
 
     fn gen_range(&mut self, range: std::ops::Range<u64>) -> u64 {
@@ -43,7 +43,7 @@ impl havoc::Random for Random {
             return start;
         }
 
-        thread_rng().gen_range(start..end)
+        rand::rng().random_range(start..end)
     }
 }
 
diff --git a/quic/s2n-quic/Cargo.toml b/quic/s2n-quic/Cargo.toml
index 8794024e7..67de243ee 100644
--- a/quic/s2n-quic/Cargo.toml
+++ b/quic/s2n-quic/Cargo.toml
@@ -69,8 +69,8 @@ cuckoofilter = { version = "0.5", optional = true }
 futures = { version = "0.3", default-features = false, features = ["std"] }
 hash_hasher = { version = "2", optional = true }
 humansize = { version = "2", optional = true }
-rand = "0.8"
-rand_chacha = "0.3"
+rand = "0.9"
+rand_chacha = "0.9"
 s2n-codec = { version = "=0.53.0", path = "../../common/s2n-codec" }
 s2n-quic-core = { version = "=0.53.0", path = "../s2n-quic-core" }
 s2n-quic-crypto = { version = "=0.53.0", path = "../s2n-quic-crypto", optional = true }
diff --git a/quic/s2n-quic/src/provider/connection_id.rs b/quic/s2n-quic/src/provider/connection_id.rs
index 6dc70527f..1dc5b5ebd 100644
--- a/quic/s2n-quic/src/provider/connection_id.rs
+++ b/quic/s2n-quic/src/provider/connection_id.rs
@@ -143,7 +143,7 @@ pub mod default {
         fn generate(&mut self, _connection_info: &ConnectionInfo) -> connection::LocalId {
             let mut id = [0u8; connection::id::MAX_LEN];
             let id = &mut id[..self.len];
-            rand::thread_rng().fill_bytes(id);
+            rand::rng().fill_bytes(id);
             (&*id).try_into().expect("length already checked")
         }
 
diff --git a/quic/s2n-quic/src/provider/random.rs b/quic/s2n-quic/src/provider/random.rs
index 3693de297..64fb57d77 100644
--- a/quic/s2n-quic/src/provider/random.rs
+++ b/quic/s2n-quic/src/provider/random.rs
@@ -19,7 +19,7 @@ mod rand {
     use core::convert::Infallible;
     use rand::{
         prelude::*,
-        rngs::{adapter::ReseedingRng, OsRng},
+        rngs::{OsRng, ReseedingRng},
     };
     use rand_chacha::ChaChaCore;
     use s2n_quic_core::random;
@@ -71,9 +71,8 @@ mod rand {
     // Constructs a `ReseedingRng` with a ChaCha RNG initially seeded from the OS,
     // that will reseed from the OS after RESEED_THRESHOLD is exceeded
     fn build_rng() -> ReseedingRng<ChaChaCore, OsRng> {
-        let prng = ChaChaCore::from_rng(OsRng)
-            .unwrap_or_else(|err| panic!("could not initialize random generator: {err}"));
-        ReseedingRng::new(prng, RESEED_THRESHOLD, OsRng)
+        ReseedingRng::<ChaChaCore, OsRng>::new(RESEED_THRESHOLD, OsRng)
+            .unwrap_or_else(|err| panic!("could not initialize random generator: {err}"))
     }
 
     impl random::Generator for Generator {
diff --git a/quic/s2n-quic/src/provider/stateless_reset_token.rs b/quic/s2n-quic/src/provider/stateless_reset_token.rs
index a45e16b9a..726d792d7 100644
--- a/quic/s2n-quic/src/provider/stateless_reset_token.rs
+++ b/quic/s2n-quic/src/provider/stateless_reset_token.rs
@@ -83,7 +83,7 @@ mod random {
         // be generated the same for a given `local_connection_id` before and after loss of state.
         fn generate(&mut self, _local_connection_id: &[u8]) -> stateless_reset::Token {
             let mut token = [0u8; STATELESS_RESET_TOKEN_LEN];
-            rand::thread_rng().fill_bytes(&mut token);
+            rand::rng().fill_bytes(&mut token);
             token.into()
         }
     }
diff --git a/quic/s2n-quic/src/tests/setup.rs b/quic/s2n-quic/src/tests/setup.rs
index 5bf363cd8..7520de818 100644
--- a/quic/s2n-quic/src/tests/setup.rs
+++ b/quic/s2n-quic/src/tests/setup.rs
@@ -175,15 +175,11 @@ impl havoc::Random for Random {
     }
 
     fn gen_range(&mut self, range: std::ops::Range<u64>) -> u64 {
-        self.inner.gen_range(range)
+        self.inner.random_range(range)
     }
 }
 
 impl RngCore for Random {
-    fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), rand::Error> {
-        self.inner.try_fill_bytes(dest)
-    }
-
     fn fill_bytes(&mut self, dest: &mut [u8]) {
         self.inner.fill_bytes(dest)
     }