--- a/src/main/threads.c
+++ b/src/main/threads.c
@@ -298,6 +298,7 @@ static void ssl_locking_function(int mod
  */
 int tls_mutexes_init(void)
 {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 	int i;
 
 	ssl_mutexes = rad_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));
@@ -316,6 +317,7 @@ int tls_mutexes_init(void)
 #ifdef HAVE_CRYPTO_SET_LOCKING_CALLBACK
 	CRYPTO_set_locking_callback(ssl_locking_function);
 #endif
+#endif
 
 	return 0;
 }
--- a/src/main/tls.c
+++ b/src/main/tls.c
@@ -55,6 +55,7 @@ USES_APPLE_DEPRECATED_API	/* OpenSSL API
 #    include <openssl/evp.h>
 #  endif
 #  include <openssl/ssl.h>
+#  include <openssl/dh.h>
 
 #define LOG_PREFIX "tls"
 
@@ -2133,7 +2134,7 @@ int cbtls_verify(int ok, X509_STORE_CTX
 	int		my_ok = ok;
 
 	ASN1_INTEGER	*sn = NULL;
-	ASN1_TIME	*asn_time = NULL;
+	const ASN1_TIME	*asn_time = NULL;
 	VALUE_PAIR	**certs;
 	char **identity;
 #ifdef HAVE_OPENSSL_OCSP_H
@@ -2207,7 +2208,7 @@ int cbtls_verify(int ok, X509_STORE_CTX
 	 *	Get the Expiration Date
 	 */
 	buf[0] = '\0';
-	asn_time = X509_get_notAfter(client_cert);
+	asn_time = X509_get0_notAfter(client_cert);
 	if (certs && (lookup <= 1) && asn_time &&
 	    (asn_time->length < (int) sizeof(buf))) {
 		memcpy(buf, (char*) asn_time->data, asn_time->length);
@@ -2220,7 +2221,7 @@ int cbtls_verify(int ok, X509_STORE_CTX
 	 *	Get the Valid Since Date
 	 */
 	buf[0] = '\0';
-	asn_time = X509_get_notBefore(client_cert);
+	asn_time = X509_get0_notBefore(client_cert);
 	if (certs && (lookup <= 1) && asn_time &&
 	    (asn_time->length < (int) sizeof(buf))) {
 		memcpy(buf, (char*) asn_time->data, asn_time->length);
@@ -2690,10 +2691,12 @@ static int set_ecdh_curve(SSL_CTX *ctx,
  */
 int tls_global_init(bool spawn_flag, bool check)
 {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	SSL_load_error_strings();	/* readable error messages (examples show call before library_init) */
 	SSL_library_init();		/* initialize library */
 	OpenSSL_add_all_algorithms();	/* required for SHA2 in OpenSSL < 0.9.8o and 1.0.0.a */
 	CONF_modules_load_file(NULL, NULL, 0);
+#endif
 
 	/*
 	 *	Initialize the index for the certificates.
@@ -2769,6 +2772,7 @@ int tls_global_version_check(char const
  */
 void tls_global_cleanup(void)
 {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 #if OPENSSL_VERSION_NUMBER < 0x10000000L
 	ERR_remove_state(0);
 #elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
@@ -2781,6 +2785,7 @@ void tls_global_cleanup(void)
 	ERR_free_strings();
 	EVP_cleanup();
 	CRYPTO_cleanup_all_ex_data();
+#endif
 }
 
 
--- a/src/main/version.c
+++ b/src/main/version.c
@@ -54,7 +54,7 @@ int ssl_check_consistency(void)
 {
 	long ssl_linked;
 
-	ssl_linked = SSLeay();
+	ssl_linked = OpenSSL_version_num();
 
 	/*
 	 *	Major and minor versions mismatch, that's bad.
@@ -152,7 +152,7 @@ char const *ssl_version_num(void)
 {
 	long ssl_linked;
 
-	ssl_linked = SSLeay();
+	ssl_linked = OpenSSL_version_num();
 	return ssl_version_by_num((uint32_t)ssl_linked);
 }
 
@@ -188,10 +188,10 @@ char const *ssl_version(void)
 {
 	static char buffer[256];
 
-	uint32_t v = SSLeay();
+	uint32_t v = OpenSSL_version_num();
 
 	snprintf(buffer, sizeof(buffer), "%s 0x%.8x (%s)",
-		 SSLeay_version(SSLEAY_VERSION),		/* Not all builds include a useful version number */
+		 OpenSSL_version(OPENSSL_VERSION),		/* Not all builds include a useful version number */
 		 v,
 		 ssl_version_by_num(v));