diff --git a/src/analyzer/protocol/rdp/RDP.cc b/src/analyzer/protocol/rdp/RDP.cc
index b50006e6ca..77288947c7 100644
--- a/src/analyzer/protocol/rdp/RDP.cc
+++ b/src/analyzer/protocol/rdp/RDP.cc
@@ -13,7 +13,7 @@ RDP_Analyzer::RDP_Analyzer(Connection* c) : analyzer::tcp::TCP_ApplicationAnalyz
 interp = new binpac::RDP::RDP_Conn(this);
 had_gap = false;
- pia = nullptr;
+ ssl = nullptr;
 }
 RDP_Analyzer::~RDP_Analyzer()
@@ -54,19 +54,15 @@ void RDP_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
 // 0x03-0x04 is CredSSP which is effectively SSL/TLS
 if ( interp->encryption_method() > 0x00 )
 {
- if ( ! pia )
+ if ( ! ssl )
 {
- pia = new analyzer::pia::PIA_TCP(Conn());
-
- if ( ! AddChildAnalyzer(pia) )
+ ssl = new analyzer::ssl::SSL_Analyzer(Conn());
+ if ( ! AddChildAnalyzer(ssl) )
 {
 reporter->AnalyzerError(this, "failed to add TCP child analyzer " "to RDP analyzer: already exists");
 return;
 }
-
- pia->FirstPacket(true, nullptr);
- pia->FirstPacket(false, nullptr);
 }
 ForwardStream(len, data, orig);
diff --git a/src/analyzer/protocol/rdp/RDP.h b/src/analyzer/protocol/rdp/RDP.h
index bb84b7e775..816d10720b 100644
--- a/src/analyzer/protocol/rdp/RDP.h
+++ b/src/analyzer/protocol/rdp/RDP.h
@@ -3,6 +3,7 @@
 #include "zeek/analyzer/protocol/pia/PIA.h"
 #include "zeek/analyzer/protocol/rdp/events.bif.h"
 #include "zeek/analyzer/protocol/rdp/rdp_pac.h"
+#include "zeek/analyzer/protocol/ssl/SSL.h"
 #include "zeek/analyzer/protocol/tcp/TCP.h"
 namespace zeek::analyzer::rdp
@@ -30,7 +31,7 @@ protected:
 binpac::RDP::RDP_Conn* interp;
 bool had_gap;
- analyzer::pia::PIA_TCP* pia;
+ analyzer::ssl::SSL_Analyzer* ssl;
 };
 } // namespace zeek::analyzer::rdp
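Review bot: In the `DeliverStream` hunk of RDP.cc, the failure branch of `AddChildAnalyzer(ssl)` returns while `ssl` still holds the pointer that was just handed over. If `AddChildAnalyzer` disposes of an analyzer it refuses (worth confirming in its implementation), the member is left dangling and the `if ( ! ssl )` guard will skip the setup on any later call, so adding `ssl = nullptr;` before the `return;` would keep the state accurate. The message in that branch still reads `"failed to add TCP child analyzer "`, which no longer names what is being attached; `"failed to add SSL child analyzer "` would make the reporter output match. Every non-zero `encryption_method()` now goes straight to the SSL analyzer without the PIA detection step, so a comment stating which method values are expected to carry TLS would help whoever triages analyzer violations from this path. The function body starts and ends outside the hunk.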
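Review bot: The added `#include "zeek/analyzer/protocol/ssl/SSL.h"` in RDP.h pulls the full SSL analyzer header into every file that includes RDP.h, although the header only declares a pointer member (`analyzer::ssl::SSL_Analyzer* ssl;` in the later `protected:` hunk). A forward declaration such as `namespace zeek::analyzer::ssl { class SSL_Analyzer; }` in the header, with the include moved to RDP.cc, would be enough provided nothing else in RDP.h needs the complete type. The `pia/PIA.h` include kept as context above it looks unused after this change and could be dropped if no other declaration in the file relies on it. If ownership of the analyzer passes to the child tree through `AddChildAnalyzer`, a short comment on the member saying it is non-owning would document the lifetime.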