@@ -, +, @@ - Various initialization functions, also used to check for openssl in configure, are deprecated. Added OpenSSL_version_num as fallback in configure. - Use get and set functions for opaque structures - RAND_pseudo_bytes is deprecated --- configure.in | 5 +++++ src/network/ssl/socket.c | 12 ++++++++++++ src/network/ssl/ssl.c | 7 +++++++ 3 files changed, 24 insertions(+) --- a/configure.in +++ a/configure.in @@ -1122,6 +1122,9 @@ else if test "$cf_result" != yes; then AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[SSLeay_add_ssl_algorithms()]])],[cf_result=yes],[cf_result=no]) fi + if test "$cf_result" != yes; then + AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], [[OpenSSL_version_num()]])],[cf_result=yes],[cf_result=no]) + fi fi done @@ -1136,6 +1139,8 @@ else CFLAGS="$CFLAGS_X" AC_SUBST(OPENSSL_CFLAGS) + + AC_CHECK_FUNCS([SSL_set_options] [ASN1_STRING_get0_data] [SSL_get_SSL_CTX]) fi fi --- a/src/network/ssl/socket.c +++ a/src/network/ssl/socket.c @@ -81,7 +81,11 @@ static void ssl_set_no_tls(struct socket *socket) { #ifdef CONFIG_OPENSSL +#ifdef HAVE_SSL_SET_OPTIONS + SSL_set_options((ssl_t *) socket->ssl, SSL_OP_NO_TLSv1); +#else ((ssl_t *) socket->ssl)->options |= SSL_OP_NO_TLSv1; +#endif /* HAVE_SSL_SET_OPTIONS */ #elif defined(CONFIG_GNUTLS) /* There is another gnutls_priority_set_direct call elsewhere * in ELinks. If you change the priorities here, please check @@ -246,7 +250,11 @@ static int match_uri_host_ip(const unsigned char *uri_host, ASN1_OCTET_STRING *cert_host_asn1) { +#ifdef HAVE_ASN1_STRING_GET0_DATA + const unsigned char *cert_host_addr = ASN1_STRING_get0_data(cert_host_asn1); +#else const unsigned char *cert_host_addr = ASN1_STRING_data(cert_host_asn1); +#endif /* HAVE_ASN1_STRING_GET0_DATA */ struct in_addr uri_host_in; #ifdef CONFIG_IPV6 struct in6_addr uri_host_in6; 
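Review bot: The three `AC_CHECK_FUNCS` probes in the second configure.in hunk run after `CFLAGS="$CFLAGS_X"` has been restored, and the hunk does not show whether the OpenSSL libraries are still in `LIBS` at that point. If they are not, all three link tests fail quietly and socket.c takes the `#else` branches that access `SSL` fields directly, which will not compile against a library whose structures are opaque. Please confirm the placement, and consider the conventional single-argument form `AC_CHECK_FUNCS([SSL_set_options ASN1_STRING_get0_data SSL_get_SSL_CTX])`. The enclosing `if`/`else` block starts outside the hunk.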
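Review bot: `SSL_set_options(..., SSL_OP_NO_TLSv1)` in ssl_set_no_tls turns off TLS 1.0 only, so on a library that also negotiates TLS 1.1 or later the function no longer does what its name says. On a library limited to TLS 1.0 it leaves only the older SSL protocol versions available. The new branch is a good place to record this, e.g. `/* Disables TLS 1.0 only; newer TLS versions stay enabled if the library offers them. */`, and to state when this fallback is expected to be used. The function body continues outside the hunk (the GnuTLS branch).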
@@ -453,7 +461,11 @@ ssl_connect(struct socket *socket) (SSL *) socket->ssl, client_cert); #else +#ifdef HAVE_SSL_GET_SSL_CTX + SSL_CTX *ctx = SSL_get_SSL_CTX(socket->ssl); +#else SSL_CTX *ctx = ((SSL *) socket->ssl)->ctx; +#endif /* HAVE_SSL_GET_SSL_CTX */ SSL_CTX_use_certificate_chain_file(ctx, client_cert); SSL_CTX_use_PrivateKey_file(ctx, client_cert, --- a/src/network/ssl/ssl.c +++ a/src/network/ssl/ssl.c @@ -7,6 +7,7 @@ #ifdef CONFIG_OPENSSL #include #include +#include #define USE_OPENSSL #elif defined(CONFIG_NSS_COMPAT_OSSL) #include @@ -95,7 +96,9 @@ init_openssl(struct module *module) } #endif +#if OPENSSL_VERSION_NUMBER < 0x10100000L SSLeay_add_ssl_algorithms(); +#endif context = SSL_CTX_new(SSLv23_client_method()); SSL_CTX_set_options(context, SSL_OP_ALL); SSL_CTX_set_default_verify_paths(context); @@ -432,7 +435,11 @@ void random_nonce(unsigned char buf[], size_t size) { #ifdef USE_OPENSSL +#if OPENSSL_VERSION_NUMBER < 0x10100000L RAND_pseudo_bytes(buf, size); +#else + RAND_bytes(buf, size); +#endif #elif defined(CONFIG_GNUTLS) gcry_create_nonce(buf, size); #else --
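Review bot: The results of `SSL_CTX_use_certificate_chain_file` and `SSL_CTX_use_PrivateKey_file` are discarded in ssl_connect, so an unreadable or mismatched client certificate file goes unnoticed and the handshake proceeds without it. Both calls return 1 on success, so a check such as `if (SSL_CTX_use_certificate_chain_file(ctx, client_cert) != 1) { /* report and abort the connect */ }` would make the failure visible. `SSL_get_SSL_CTX` returns the context the connection was created from, so if that context is shared between connections (not visible here) the certificate stays loaded for later connections to other hosts. That deserves a comment or a per-connection load. The new call also passes `socket->ssl` without the `(SSL *)` cast used in the `#else` branch, and ssl_connect starts and ends outside the hunk.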
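Review bot: The guard `#if OPENSSL_VERSION_NUMBER < 0x10100000L` in init_openssl also skips `SSLeay_add_ssl_algorithms()` on LibreSSL, which reports a version number of 0x20000000L, and older LibreSSL releases may still need the explicit initialisation. A guard such as `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)` keeps the call there. A configure feature check would be more consistent with socket.c, which avoids version comparisons. The same comparison appears in random_nonce further down, where it is harmless. The context lines also show the result of `SSL_CTX_new()` passed to `SSL_CTX_set_options` without a NULL check, and init_openssl starts and ends outside the hunk.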
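Review bot: `RAND_bytes(buf, size)` in random_nonce ignores the return value, so when the generator fails the caller gets whatever was already in `buf` as its nonce. `RAND_bytes` returns 1 on success and is also available in the older OpenSSL releases, so the `RAND_pseudo_bytes` branch, which may return bytes that are not cryptographically strong, can be dropped. The call can then be written once with a check, e.g. `if (RAND_bytes(buf, (int) size) != 1) { /* fail closed: no usable nonce */ }`. The function returns void, so how to report the failure depends on callers that are not visible here. `size` is a `size_t` while `RAND_bytes` takes an `int`, so the length should be range-checked before the cast, and random_nonce continues outside the hunk.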