diff --git a/rust/Cargo.lock.in b/rust/Cargo.lock.in
index 3951afa6ba..669bac4118 100644
--- a/rust/Cargo.lock.in
+++ b/rust/Cargo.lock.in
@@ -991,6 +991,7 @@ dependencies = [
  "byteorder",
  "crc",
  "der-parser 6.0.1",
+ "der-parser 8.2.0",
  "digest",
  "flate2",
  "hex",
diff --git a/rust/Cargo.toml.in b/rust/Cargo.toml.in
index 3eff29cb69..587cf7c208 100644
--- a/rust/Cargo.toml.in
+++ b/rust/Cargo.toml.in
@@ -41,8 +41,12 @@ aes-gcm = "~0.9.4"
 
 sawp-modbus = "~0.11.0"
 sawp = "~0.11.0"
-der-parser = "~6.0"
-kerberos-parser = "~0.7.1"
+der-parser = "~8.2.0"
+kerberos-parser = { version = "~0.7.1", default_features = false }
+
+# Kerberos parsing still depends on der-parser 6.0.1.
+der-parser6 = { package = "der-parser", version = "~6.0.1", default_features = false }
+
 ntp-parser = "~0.6.0"
 ipsec-parser = "~0.7.0"
 snmp-parser = "~0.9.0"
diff --git a/rust/src/asn1/mod.rs b/rust/src/asn1/mod.rs
index 579765fa1c..7c52b4cb85 100644
--- a/rust/src/asn1/mod.rs
+++ b/rust/src/asn1/mod.rs
@@ -15,7 +15,7 @@
  * 02110-1301, USA.
  */
 
-use der_parser::ber::{parse_ber_recursive, BerObject, BerObjectContent, BerTag};
+use der_parser::ber::{parse_ber_recursive, BerObject, BerObjectContent, Tag};
 use nom7::Err;
 use std::convert::TryFrom;
 
@@ -86,7 +86,7 @@ impl<'a> Asn1<'a> {
     fn check_object(obj: &BerObject, ad: &DetectAsn1Data) -> Option<Asn1Check> {
         // get length
         // Note that if length is indefinite (BER), this will return None
-        let len = obj.header.len.primitive().ok()?;
+        let len = obj.header.length().definite().ok()?;
         // oversize_length will check if a node has a length greater than
         // the user supplied length
         if let Some(oversize_length) = ad.oversize_length {
@@ -101,7 +101,7 @@ impl<'a> Asn1<'a> {
         // to ignore is greater than the length decoded (in bits)
         if ad.bitstring_overflow
             && (obj.header.is_universal()
-                && obj.header.tag == BerTag::BitString
+                && obj.header.tag() == Tag::BitString
                 && obj.header.is_primitive())
         {
             if let BerObjectContent::BitString(bits, _v) = &obj.content {
@@ -118,7 +118,7 @@ impl<'a> Asn1<'a> {
         // and the buffer is greater than 256, the array is overflown
         if ad.double_overflow
             && (obj.header.is_universal()
-                && obj.header.tag == BerTag::RealType
+                && obj.header.tag() == Tag::RealType
                 && obj.header.is_primitive())
         {
             if let Ok(data) = obj.content.as_slice() {
diff --git a/rust/src/kerberos.rs b/rust/src/kerberos.rs
index c4f1fca499..3b152735a4 100644
--- a/rust/src/kerberos.rs
+++ b/rust/src/kerberos.rs
@@ -18,9 +18,9 @@
 use nom7::IResult;
 use nom7::error::{ErrorKind, ParseError};
 use nom7::number::streaming::le_u16;
-use der_parser;
-use der_parser::der::parse_der_oid;
-use der_parser::error::BerError;
+use der_parser6;
+use der_parser6::der::parse_der_oid;
+use der_parser6::error::BerError;
 use kerberos_parser::krb5::{ApReq, PrincipalName, Realm};
 use kerberos_parser::krb5_parser::parse_ap_req;
 
@@ -56,7 +56,7 @@ pub struct Kerberos5Ticket {
 
 fn parse_kerberos5_request_do(blob: &[u8]) -> IResult<&[u8], ApReq, SecBlobError>
 {
-    let (_,b) = der_parser::parse_der(blob).map_err(nom7::Err::convert)?;
+    let (_,b) = der_parser6::parse_der(blob).map_err(nom7::Err::convert)?;
     let blob = b.as_slice().or(
         Err(nom7::Err::Error(SecBlobError::KrbFmtError))
     )?;
diff --git a/rust/src/krb/krb5.rs b/rust/src/krb/krb5.rs
index 3c12e9297e..6cbdd0146a 100644
--- a/rust/src/krb/krb5.rs
+++ b/rust/src/krb/krb5.rs
@@ -22,7 +22,7 @@ use std::ffi::CString;
 use nom7::{Err, IResult};
 use nom7::number::streaming::be_u32;
 use der_parser::der::der_read_element_header;
-use der_parser::ber::BerClass;
+use der_parser::ber::Class;
 use kerberos_parser::krb5_parser;
 use kerberos_parser::krb5::{EncryptionType,ErrorCode,MessageType,PrincipalName,Realm};
 use crate::applayer::{self, *};
@@ -129,8 +129,8 @@ impl KRB5State {
         match der_read_element_header(i) {
             Ok((_rem,hdr)) => {
                 // Kerberos messages start with an APPLICATION header
-                if hdr.class != BerClass::Application { return 0; }
-                match hdr.tag.0 {
+                if hdr.class() != Class::Application { return 0; }
+                match hdr.tag().0 {
                     10 => {
                         self.req_id = 10;
                     },
@@ -190,7 +190,7 @@ impl KRB5State {
                         };
                         self.req_id = 0;
                     },
-                    _ => { SCLogDebug!("unknown/unsupported tag {}", hdr.tag); },
+                    _ => { SCLogDebug!("unknown/unsupported tag {}", hdr.tag()); },
                 }
                 0
             },
@@ -338,9 +338,9 @@ pub unsafe extern "C" fn rs_krb5_probing_parser(_flow: *const Flow,
     match der_read_element_header(slice) {
         Ok((rem, ref hdr)) => {
             // Kerberos messages start with an APPLICATION header
-            if hdr.class != BerClass::Application { return ALPROTO_FAILED; }
+            if hdr.class() != Class::Application { return ALPROTO_FAILED; }
             // Tag number should be <= 30
-            if hdr.tag.0 > 30 { return ALPROTO_FAILED; }
+            if hdr.tag().0 > 30 { return ALPROTO_FAILED; }
             // Kerberos messages contain sequences
             if rem.is_empty() || rem[0] != 0x30 { return ALPROTO_FAILED; }
             // Check kerberos version
diff --git a/rust/src/smb/auth.rs b/rust/src/smb/auth.rs
index 3d57905d18..c5d20bba6e 100644
--- a/rust/src/smb/auth.rs
+++ b/rust/src/smb/auth.rs
@@ -21,12 +21,12 @@ use crate::smb::ntlmssp_records::*;
 use crate::smb::smb::*;
 
 use nom7::{Err, IResult};
-use der_parser::ber::BerObjectContent;
-use der_parser::der::{parse_der_oid, parse_der_sequence};
+use der_parser6::ber::BerObjectContent;
+use der_parser6::der::{parse_der_oid, parse_der_sequence};
 
 fn parse_secblob_get_spnego(blob: &[u8]) -> IResult<&[u8], &[u8], SecBlobError>
 {
-    let (rem, base_o) = der_parser::parse_der(blob).map_err(Err::convert)?;
+    let (rem, base_o) = der_parser6::parse_der(blob).map_err(Err::convert)?;
     SCLogDebug!("parse_secblob_get_spnego: base_o {:?}", base_o);
     let d = match base_o.content.as_slice() {
         Err(_) => { return Err(Err::Error(SecBlobError::NotSpNego)); },
@@ -59,7 +59,7 @@ fn parse_secblob_get_spnego(blob: &[u8]) -> IResult<&[u8], &[u8], SecBlobError>
 
 fn parse_secblob_spnego_start(blob: &[u8]) -> IResult<&[u8], &[u8], SecBlobError>
 {
-    let (rem, o) = der_parser::parse_der(blob).map_err(Err::convert)?;
+    let (rem, o) = der_parser6::parse_der(blob).map_err(Err::convert)?;
     let d = match o.content.as_slice() {
         Ok(d) => {
             SCLogDebug!("d: next data len {}",d.len());
@@ -96,7 +96,7 @@ fn parse_secblob_spnego(blob: &[u8]) -> Option<SpnegoRequest>
             Ok(s) => s,
             _ => { continue; },
         };
-        let o = match der_parser::parse_der(n) {
+        let o = match der_parser6::parse_der(n) {
             Ok((_,x)) => x,
             _ => { continue; },
         };