diff --git a/src/DFA.cc b/src/DFA.cc index b9d62f8db4..c2ac56b616 100644 --- a/src/DFA.cc +++ b/src/DFA.cc @@ -265,9 +265,9 @@ DFA_State_Cache::~DFA_State_Cache() { DFA_State* DFA_State_Cache::Lookup(const NFA_state_list& nfas, DigestStr* digest) { // We assume that state ID's don't exceed 10 digits, plus // we allow one more character for the delimiter. - auto id_tag_buf = std::make_unique(nfas.length() * 11 + 1); + auto id_tag_buf = std::make_unique(nfas.length() * 11 + 1); auto id_tag = id_tag_buf.get(); - u_char* p = id_tag; + char* p = id_tag; for ( int i = 0; i < nfas.length(); ++i ) { NFA_State* n = nfas[i]; @@ -287,7 +287,7 @@ DFA_State* DFA_State_Cache::Lookup(const NFA_state_list& nfas, DigestStr* digest // HashKey because the data is copied into the key. hash128_t hash; KeyedHash::Hash128(id_tag, p - id_tag, &hash); - *digest = DigestStr(reinterpret_cast(hash), 16); + *digest = DigestStr(reinterpret_cast(hash), 16); auto entry = states.find(*digest); if ( entry == states.end() ) { diff --git a/src/DFA.h b/src/DFA.h index 1bf2979ec3..e44fa05b22 100644 --- a/src/DFA.h +++ b/src/DFA.h @@ -2,7 +2,7 @@ #pragma once -#include // for u_char +#include #include #include #include @@ -67,7 +67,7 @@ protected: DFA_State* mark; }; -using DigestStr = std::basic_string; +using DigestStr = std::string; struct DFA_State_Cache_Stats { // Sum of all NFA states diff --git a/src/analyzer/protocol/ssl/SSL.cc b/src/analyzer/protocol/ssl/SSL.cc index 55f3469870..8a4718dab7 100644 --- a/src/analyzer/protocol/ssl/SSL.cc +++ b/src/analyzer/protocol/ssl/SSL.cc @@ -3,6 +3,7 @@ #include #include #include +#include #include "zeek/Reporter.h" #include "zeek/analyzer/Manager.h" @@ -22,6 +23,8 @@ namespace zeek::analyzer::ssl { +using byte_buffer = std::vector; + template static inline T MSB(const T a) { return ((a >> 8) & 0xff); 
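Review bot: `using DigestStr = std::string;` in src/DFA.h gives the digest the same type as ordinary text, but the value assigned in `DFA_State_Cache::Lookup` is 16 raw hash bytes that may contain NULs or non-printable bytes. Nothing at the alias says so, and the compiler will now accept a digest anywhere a text string is expected. A comment on the alias would help, for example `// Raw 16-byte hash digest (binary, may contain NUL bytes); not text, do not use c_str() or log it unescaped.` In the same `Lookup` hunk the literal `16` could become `sizeof(hash)` if `hash128_t` is a fixed-size array or struct; its definition is not visible here.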
@@ -32,12 +35,13 @@ static inline T LSB(const T a) { return (a & 0xff); } -static std::basic_string fmt_seq(uint32_t num) { - std::basic_string out(4, '\0'); +static byte_buffer fmt_seq(uint32_t num) { + byte_buffer out(4, '\0'); out.reserve(13); uint32_t netnum = htonl(num); - out.append(reinterpret_cast(&netnum), 4); - out.append(5, '\0'); + uint8_t* p = reinterpret_cast(&netnum); + out.insert(out.end(), p, p + 4); + out.insert(out.end(), 5, '\0'); return out; } @@ -271,7 +275,7 @@ bool SSL_Analyzer::TryDecryptApplicationData(int len, const u_char* data, bool i const u_char* s_iv = keys.data() + 68; // FIXME: should we change types here? - u_char* encrypted = (u_char*)data; + const u_char* encrypted = data; size_t encrypted_len = len; if ( is_orig ) @@ -280,14 +284,15 @@ bool SSL_Analyzer::TryDecryptApplicationData(int len, const u_char* data, bool i s_seq++; // AEAD nonce, length 12 - std::basic_string s_aead_nonce; + byte_buffer s_aead_nonce; + s_aead_nonce.reserve(12); if ( is_orig ) - s_aead_nonce.assign(c_iv, 4); + s_aead_nonce.insert(s_aead_nonce.end(), c_iv, c_iv + 4); else - s_aead_nonce.assign(s_iv, 4); + s_aead_nonce.insert(s_aead_nonce.end(), s_iv, s_iv + 4); // this should be the explicit counter - s_aead_nonce.append(encrypted, 8); + s_aead_nonce.insert(s_aead_nonce.end(), encrypted, encrypted + 8); assert(s_aead_nonce.size() == 12); EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new(); 
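Review bot: `fmt_seq` returns a buffer whose 13-byte layout is documented nowhere, yet `TryDecryptApplicationData` writes `s_aead_tag[8]` through `s_aead_tag[12]` with unchecked indexing and relies on exactly that size. A header comment would pin the contract, for example `// Returns 13 bytes: 4 zero bytes + num in network byte order (the 8-byte sequence number), then 5 zero bytes the caller fills with content type, version and length.` Since only the low 32 bits of the sequence number are ever encoded, the comment could also state that limit. `p` is only read, so it can be declared `const uint8_t*`.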
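Review bot: The `// FIXME: should we change types here?` comment directly above the changed line looks stale now that `encrypted` is a `const u_char*` initialised without a cast. If the FIXME referred to that cast it can be dropped; otherwise it should state what is still open. One candidate is `size_t encrypted_len = len;` on the next line, which still converts the signed `int len` parameter implicitly. The body of `TryDecryptApplicationData` starts and ends outside this hunk.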
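Review bot: `s_aead_nonce.insert(s_aead_nonce.end(), encrypted, encrypted + 8);` copies 8 bytes out of the record, and no check that `len` is at least 8 is visible before it. A shorter record would make this read past the end of `data`, which comes from the network. The `assert(s_aead_nonce.size() == 12)` that follows only confirms the copy count, not that the source bytes existed. A guard ahead of the nonce construction, such as `if ( len < 8 + 16 ) return false;`, would cover both this read and the 16-byte tag read in the next hunk. The function continues outside the hunk, so confirm whether an equivalent check already runs earlier.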
@@ -310,28 +315,28 @@ bool SSL_Analyzer::TryDecryptApplicationData(int len, const u_char* data, bool i else EVP_DecryptInit(ctx, EVP_aes_256_gcm(), s_wk, s_aead_nonce.data()); - EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, encrypted + encrypted_len); + EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, const_cast(encrypted + encrypted_len)); // AEAD tag - std::basic_string s_aead_tag; + byte_buffer s_aead_tag; if ( is_orig ) s_aead_tag = fmt_seq(c_seq); else s_aead_tag = fmt_seq(s_seq); + assert(s_aead_tag.size() == 13); s_aead_tag[8] = content_type; s_aead_tag[9] = MSB(raw_tls_version); s_aead_tag[10] = LSB(raw_tls_version); s_aead_tag[11] = MSB(encrypted_len); s_aead_tag[12] = LSB(encrypted_len); - assert(s_aead_tag.size() == 13); auto decrypted = std::vector(encrypted_len + 16); // see OpenSSL manpage - 16 is the block size for the supported cipher int decrypted_len = 0; EVP_DecryptUpdate(ctx, NULL, &decrypted_len, s_aead_tag.data(), s_aead_tag.size()); - EVP_DecryptUpdate(ctx, decrypted.data(), &decrypted_len, (const u_char*)encrypted, encrypted_len); + EVP_DecryptUpdate(ctx, decrypted.data(), &decrypted_len, encrypted, encrypted_len); assert(static_cast(decrypted_len) <= decrypted.size()); decrypted.resize(decrypted_len);
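Review bot: The return values of `EVP_CIPHER_CTX_ctrl(..., EVP_CTRL_GCM_SET_TAG, ...)` and both `EVP_DecryptUpdate` calls are discarded, so a failed call still falls through to `decrypted.resize(decrypted_len)`. If the second update fails, `decrypted_len` may still hold the value left by the AAD call. Each call should be tested, e.g. `if ( EVP_DecryptUpdate(ctx, decrypted.data(), &decrypted_len, encrypted, encrypted_len) != 1 )`, and on failure free `ctx` and return false the way the function's other error paths do. The only guard before `resize` is `assert(... <= decrypted.size())`, which is compiled out under `NDEBUG`, so an explicit `decrypted_len < 0` or oversize check is needed if release builds must enforce it. The final tag verification and the rest of the function lie outside this hunk.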