diff --git a/common/rdr/AESInStream.cxx b/common/rdr/AESInStream.cxx
index a48908997..b10a214a2 100644
--- a/common/rdr/AESInStream.cxx
+++ b/common/rdr/AESInStream.cxx
@@ -22,6 +22,8 @@
 
 #include <assert.h>
 
+#include <stdexcept>
+
 #include <rdr/AESInStream.h>
 
 #ifdef HAVE_NETTLE
@@ -36,7 +38,7 @@ AESInStream::AESInStream(InStream* _in, const uint8_t* key,
   else if (keySize == 256)
     EAX_SET_KEY(&eaxCtx256, aes256_set_encrypt_key, aes256_encrypt, key);
   else
-    assert(!"incorrect key size");
+    throw std::out_of_range("Incorrect key size");
 }
 
 AESInStream::~AESInStream() {}
diff --git a/common/rdr/AESOutStream.cxx b/common/rdr/AESOutStream.cxx
index fcb3e37a0..1ec38b562 100644
--- a/common/rdr/AESOutStream.cxx
+++ b/common/rdr/AESOutStream.cxx
@@ -21,7 +21,9 @@
 #endif
 
 #include <assert.h>
-#include <rdr/Exception.h>
+
+#include <stdexcept>
+
 #include <rdr/AESOutStream.h>
 
 #ifdef HAVE_NETTLE
@@ -39,7 +41,7 @@ AESOutStream::AESOutStream(OutStream* _out, const uint8_t* key,
   else if (keySize == 256)
     EAX_SET_KEY(&eaxCtx256, aes256_set_encrypt_key, aes256_encrypt, key);
   else
-    assert(!"incorrect key size");
+    throw std::out_of_range("Incorrect key size");
 }
 
 AESOutStream::~AESOutStream()
diff --git a/common/rfb/CSecurityRSAAES.cxx b/common/rfb/CSecurityRSAAES.cxx
index 416eaa2d9..56e1d7025 100644
--- a/common/rfb/CSecurityRSAAES.cxx
+++ b/common/rfb/CSecurityRSAAES.cxx
@@ -126,7 +126,9 @@ bool CSecurityRSAAES::processMsg()
       writeCredentials();
       return true;
   }
-  assert(!"unreachable");
+
+  throw std::logic_error("Invalid state");
+
   return false;
 }
 
diff --git a/common/rfb/SSecurityRSAAES.cxx b/common/rfb/SSecurityRSAAES.cxx
index 1e5f2384a..46b66ca90 100644
--- a/common/rfb/SSecurityRSAAES.cxx
+++ b/common/rfb/SSecurityRSAAES.cxx
@@ -278,7 +278,9 @@ bool SSecurityRSAAES::processMsg()
         verifyPass();
       return true;
   }
-  assert(!"unreachable");
+
+  throw std::logic_error("Invalid state");
+
   return false;
 }