diff --git a/imap/src/osdep/unix/ssl_unix.c b/imap/src/osdep/unix/ssl_unix.c
index 4c4d6ef..f2df2f2 100644
--- a/imap/src/osdep/unix/ssl_unix.c
+++ b/imap/src/osdep/unix/ssl_unix.c
@@ -33,9 +33,9 @@
 #include <bio.h>
 #include <crypto.h>
 #include <rand.h>
-#ifdef OPENSSL_1_1_0
 #include <rsa.h>
 #include <bn.h>
+#ifdef OPENSSL_1_1_0
 #ifdef TLSv1_1_client_method
 #undef TLSv1_1_client_method
 #endif /* TLSv1_1_client_method */
@@ -862,22 +862,16 @@ static RSA *ssl_genkey (SSL_CTX_TYPE *con,int export,int keylength)
   static RSA *key = NIL;
   if (!key) {			/* if don't have a key already */
 				/* generate key */
-#ifdef OPENSSL_1_1_0
     BIGNUM *e = BN_new();
     if (!RSA_generate_key_ex (key, export ? keylength : 1024, e,NIL)) {
-#else
-    if (!(key = RSA_generate_key (export ? keylength : 1024,RSA_F4,NIL,NIL))) {
-#endif /* OPENSSL_1_1_0 */
       syslog (LOG_ALERT,"Unable to generate temp key, host=%.80s",
 	      tcp_clienthost ());
       while ((i = ERR_get_error ()) != 0L)
 	syslog (LOG_ALERT,"SSL error status: %s",ERR_error_string (i,NIL));
       exit (1);
     }
-#ifdef OPENSSL_1_1_0
     BN_free(e);
     e = NULL;
-#endif /* OPENSSL_1_1_0 */
   }
   return key;
 }
diff --git a/pith/smkeys.h b/pith/smkeys.h
index e37eea3..a6c143b 100644
--- a/pith/smkeys.h
+++ b/pith/smkeys.h
@@ -32,6 +32,8 @@
 #include <openssl/safestack.h>
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
 
 #ifndef OPENSSL_1_1_0
 #define X509_get0_notBefore(x) ((x) && (x)->cert_info                   \
@@ -47,9 +49,6 @@
                                 ? (x)->cert_info->validity->notAfter	\
                                 : NULL)
 #define X509_REQ_get0_pubkey(x) (X509_REQ_get_pubkey((x)))
-#else
-#include <openssl/rsa.h>
-#include <openssl/bn.h>
 #endif /* OPENSSL_1_1_0 */
 
 #define EMAILADDRLEADER "emailAddress="