diff --git a/basis/http/client/client.factor b/basis/http/client/client.factor
index cb4d9fd..1df634d 100644
--- a/basis/http/client/client.factor
+++ b/basis/http/client/client.factor
@@ -6,7 +6,7 @@ http.parsers io io.crlf io.encodings io.encodings.ascii
 io.encodings.binary io.encodings.iana io.encodings.string
 io.files io.pathnames io.sockets io.timeouts kernel locals math
 math.order math.parser mime.types namespaces present sequences
-splitting urls vocabs.loader combinators io.sockets.secure ;
+splitting urls vocabs.loader combinators io.sockets.secure-api ;
 IN: http.client
 
 ERROR: too-many-redirects ;
diff --git a/basis/io/sockets/secure/openssl/openssl.factor b/basis/io/sockets/secure/openssl/openssl.factor
index 9cf2862..e70373c 100644
--- a/basis/io/sockets/secure/openssl/openssl.factor
+++ b/basis/io/sockets/secure/openssl/openssl.factor
@@ -4,8 +4,7 @@ USING: accessors alien alien.c-types alien.data alien.strings
 assocs byte-arrays classes.struct combinators destructors fry io
 io.backend io.buffers io.encodings.8-bit.latin1
 io.encodings.utf8 io.files io.pathnames io.ports io.sockets
-io.sockets.secure io.timeouts kernel libc
-
+io.sockets.secure io.sockets.secure-api io.timeouts kernel libc
 locals math math.order math.parser namespaces openssl
 openssl.libcrypto openssl.libssl random sequences splitting
 unicode.case ;
diff --git a/basis/io/sockets/secure/secure-docs.factor b/basis/io/sockets/secure/secure-docs.factor
index dc9b3a6..42f34db 100644
--- a/basis/io/sockets/secure/secure-docs.factor
+++ b/basis/io/sockets/secure/secure-docs.factor
@@ -1,4 +1,5 @@
-USING: io help.markup help.syntax calendar quotations io.sockets ;
+USING: calendar help.markup help.syntax io io.sockets
+io.sockets.secure-api quotations ;
 IN: io.sockets.secure
 
 HELP: secure-socket-timeout
diff --git a/basis/io/sockets/secure/secure.factor b/basis/io/sockets/secure/secure.factor
index 9e6f555..c7bb083 100644
--- a/basis/io/sockets/secure/secure.factor
+++ b/basis/io/sockets/secure/secure.factor
@@ -1,115 +1,8 @@
 ! Copyright (C) 2008, 2010 Slava Pestov.
 ! See http://factorcode.org/license.txt for BSD license.
-USING: accessors calendar combinators delegate destructors io
-io.sockets io.sockets.private kernel namespaces present
-sequences summary system vocabs ;
+USING: combinators system vocabs ;
 IN: io.sockets.secure
 
-SYMBOL: secure-socket-timeout
-
-1 minutes secure-socket-timeout set-global
-
-SYMBOL: secure-socket-backend
-
-HOOK: ssl-supported? secure-socket-backend ( -- ? )
-HOOK: ssl-certificate-verification-supported? secure-socket-backend ( -- ? )
-
-M: object ssl-supported? f ;
-M: object ssl-certificate-verification-supported? f ;
-
-SINGLETONS: SSLv2 SSLv23 SSLv3 TLSv1 ;
-
-TUPLE: secure-config
-method
-key-file password
-verify
-verify-depth
-ca-file ca-path
-dh-file
-ephemeral-key-bits ;
-
-: <secure-config> ( -- config )
-    secure-config new
-        SSLv23 >>method
-        1024 >>ephemeral-key-bits
-        ssl-certificate-verification-supported? >>verify ;
-
-TUPLE: secure-context < disposable config handle ;
-
-HOOK: <secure-context> secure-socket-backend ( config -- context )
-
-: with-secure-context ( config quot -- )
-    [
-        [ <secure-context> ] [ [ secure-context set ] prepose ] bi*
-        with-disposal
-    ] with-scope ; inline
-
-TUPLE: secure { addrspec read-only } ;
-
-C: <secure> secure
-
-M: secure present addrspec>> present " (secure)" append ;
-
-CONSULT: inet secure addrspec>> ;
-
-M: secure resolve-host ( secure -- seq )
-    addrspec>> resolve-host [ <secure> ] map ;
-
-HOOK: check-certificate secure-socket-backend ( host handle -- )
-
-PREDICATE: secure-inet < secure addrspec>> inet? ;
-
-<PRIVATE
-
-M: secure-inet (client)
-    [
-        [ resolve-host (client) [ |dispose ] dip ] keep
-        addrspec>> host>> pick handle>> check-certificate
-    ] with-destructors ;
-
-PRIVATE>
-
-ERROR: premature-close ;
-
-M: premature-close summary
-    drop "Connection closed prematurely - potential truncation attack" ;
-
-ERROR: certificate-verify-error result ;
-
-M: certificate-verify-error summary
-    drop "Certificate verification failed" ;
-
-ERROR: subject-name-verify-error expected got ;
-
-M: subject-name-verify-error summary
-    drop "Subject name verification failed" ;
-
-ERROR: certificate-missing-error ;
-
-M: certificate-missing-error summary
-    drop "Host did not present any certificate" ;
-
-ERROR: upgrade-on-non-socket ;
-
-M: upgrade-on-non-socket summary
-    drop
-    "send-secure-handshake can only be used if input-stream and" print
-    "output-stream are a socket" ;
-
-ERROR: upgrade-buffers-full ;
-
-M: upgrade-buffers-full summary
-    drop
-    "send-secure-handshake can only be used if buffers are empty" ;
-
-HOOK: non-ssl-socket? os ( obj -- ? )
-
-HOOK: socket-handle os ( obj -- ? )
-
-HOOK: send-secure-handshake secure-socket-backend ( -- )
-
-HOOK: accept-secure-handshake secure-socket-backend ( -- )
-
 {
     { [ os unix? ] [ "io.sockets.secure.unix" require ] }
     { [ os windows? ] [ "io.sockets.secure.windows" require ] }
diff --git a/basis/io/sockets/secure/unix/unix.factor b/basis/io/sockets/secure/unix/unix.factor
index 8ccc61a..f0fb825 100644
--- a/basis/io/sockets/secure/unix/unix.factor
+++ b/basis/io/sockets/secure/unix/unix.factor
@@ -2,8 +2,8 @@
 ! See http://factorcode.org/license.txt for BSD license.
 USING: accessors combinators destructors io.backend.unix
 io.files io.sockets.private io.sockets.secure
-io.sockets.secure.openssl io.timeouts kernel math openssl
-openssl.libssl system ;
+io.sockets.secure-api io.sockets.secure.openssl io.timeouts
+kernel math openssl openssl.libssl system ;
 FROM: io.ports => shutdown ;
 IN: io.sockets.secure.unix
 
diff --git a/basis/io/sockets/sockets.factor b/basis/io/sockets/sockets.factor
index ff01ecf..ce24c54 100644
--- a/basis/io/sockets/sockets.factor
+++ b/basis/io/sockets/sockets.factor
@@ -8,7 +8,7 @@ grouping init io.backend io.binary io.encodings.ascii
 io.encodings.binary io.pathnames io.ports io.streams.duplex
 kernel locals math math.parser memoize namespaces present
 sequences sequences.private splitting strings summary system
-vocabs vocabs.parser ;
+vocabs vocabs.parser io.sockets.secure-api ;
 IN: io.sockets
 
 << {
diff --git a/basis/urls/secure/secure.factor b/basis/urls/secure/secure.factor
index 1c9b925..7f228ce 100644
--- a/basis/urls/secure/secure.factor
+++ b/basis/urls/secure/secure.factor
@@ -1,6 +1,7 @@
 ! Copyright (C) 2008, 2010 Slava Pestov.
 ! See http://factorcode.org/license.txt for BSD license.
-USING: urls urls.private io.sockets io.sockets.secure ;
+USING: io.sockets io.sockets.secure io.sockets.secure-api urls
+urls.private ;
 IN: urls.secure
 
 UNION: abstract-inet inet inet4 inet6 ;