diff --git a/Cargo.toml b/Cargo.toml
index ddfaeaee4..905414b3b 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -27,6 +27,7 @@ nix = "0.15"
 openssl = "0.10"
 pam = "0.7"
 pam-sys = "0.5"
+percent-encoding = "2.1"
 pin-utils = "0.1.0-alpha"
 proxmox = { git = "ssh://gitolite3@proxdev.maurer-it.com/rust/proxmox", version = "0.1", features = [ "sortable-macro", "api-macro" ] }
 regex = "1.0"
@@ -36,10 +37,10 @@ serde_json = "1.0"
 siphasher = "0.3"
 syslog = "4.0"
 tokio = { version = "0.2.0", features = [ "blocking", "fs", "io-util", "macros", "rt-threaded", "signal", "stream", "tcp", "time", "uds" ] }
-tokio-util = { version = "0.2.0", features = [ "codec" ] }
 tokio-openssl = "0.4.0"
+tokio-util = { version = "0.2.0", features = [ "codec" ] }
 tower-service = "0.3.0"
-url = "1.7"
+url = "2.1"
 valgrind_request = { version = "1.1", optional = true }
 walkdir = "2"
 xdg = "2.2"
diff --git a/src/client/http_client.rs b/src/client/http_client.rs
index 15a13e5c0..ff5a4ec1f 100644
--- a/src/client/http_client.rs
+++ b/src/client/http_client.rs
@@ -11,7 +11,7 @@ use hyper::Body;
 use hyper::client::{Client, HttpConnector};
 use openssl::ssl::{SslConnector, SslMethod};
 use serde_json::{json, Value};
-use url::percent_encoding::{percent_encode, DEFAULT_ENCODE_SET};
+use percent_encoding::percent_encode;
 use xdg::BaseDirectories;
 use proxmox::tools::{
@@ -21,7 +21,7 @@ use proxmox::tools::{
 use super::pipe_to_stream::PipeToSendStream;
 use crate::tools::async_io::EitherStream;
 use crate::tools::futures::{cancellable, Canceller};
-use crate::tools::{self, tty, BroadcastFuture};
+use crate::tools::{self, tty, BroadcastFuture, DEFAULT_ENCODE_SET};
 #[derive(Clone)]
 pub struct AuthInfo {
diff --git a/src/tools.rs b/src/tools.rs
index 90cc8f1bb..c63d83771 100644
--- a/src/tools.rs
+++ b/src/tools.rs
@@ -14,6 +14,7 @@ use std::time::Duration;
 use failure::*;
 use serde_json::Value;
 use openssl::hash::{hash, DigestBytes, MessageDigest};
+use percent_encoding::AsciiSet;
 use proxmox::tools::vec;
@@ -416,7 +417,7 @@ pub fn extract_auth_cookie(cookie: &str, cookie_name: &str) -> Option {
 };
 if name == cookie_name {
- use url::percent_encoding::percent_decode;
+ use percent_encoding::percent_decode;
 if let Ok(value) = percent_decode(value.as_bytes()).decode_utf8() {
 return Some(value.into());
 } else {
@@ -549,3 +550,19 @@ impl AsAny for T {
 self
 }
 }
+
+/// This used to be: `SIMPLE_ENCODE_SET` plus space, `"`, `#`, `<`, `>`, backtick, `?`, `{`, `}`
+pub const DEFAULT_ENCODE_SET: &AsciiSet = &percent_encoding::CONTROLS // 0..1f and 7e
+ // The SIMPLE_ENCODE_SET adds space and anything >= 0x7e (7e itself is already included above)
+ .add(0x20)
+ .add(0x7f)
+ // the DEFAULT_ENCODE_SET added:
+ .add(b' ')
+ .add(b'"')
+ .add(b'#')
+ .add(b'<')
+ .add(b'>')
+ .add(b'`')
+ .add(b'?')
+ .add(b'{')
+ .add(b'}');
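Review bot: The inline comments on `DEFAULT_ENCODE_SET` misdescribe the base set: in percent-encoding 2.x `CONTROLS` is 0x00–0x1f plus 0x7f (DEL), so `~` (0x7e) is not encoded and the first comment should read `// 0x00..=0x1f and 0x7f`. That makes `.add(0x7f)` a no-op and `.add(0x20)` a duplicate of `.add(b' ')`; bytes >= 0x80 are always encoded by the crate, so both lines and the `>= 0x7e` comment can be dropped without changing the result. The doc comment should also say which URL component the set is for, because it leaves `%`, `;`, `&`, `=` and `+` untouched. If it is applied to cookie or query values (the call sites are outside this diff), a literal `%` would not survive the `percent_decode` in `extract_auth_cookie`, so that use would need a stricter set.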