--- ruby-2.4.2-orig/ext/openssl/ossl.c	2017-09-09 00:38:12.000000000 +1000
+++ ruby-2.4.2/ext/openssl/ossl.c	2017-10-14 16:31:14.025619962 +1100
@@ -1010,10 +1010,8 @@
      */
     /* CRYPTO_malloc_init(); */
     /* ENGINE_load_builtin_engines(); */
-    OpenSSL_add_ssl_algorithms();
-    OpenSSL_add_all_algorithms();
-    ERR_load_crypto_strings();
-    SSL_load_error_strings();
+
+    OPENSSL_init_ssl(0, NULL);
 
     /*
      * FIXME:
@@ -1048,7 +1046,7 @@
     /*
      * Version of OpenSSL the ruby OpenSSL extension is running with
      */
-    rb_define_const(mOSSL, "OPENSSL_LIBRARY_VERSION", rb_str_new2(SSLeay_version(SSLEAY_VERSION)));
+    rb_define_const(mOSSL, "OPENSSL_LIBRARY_VERSION", rb_str_new2(OpenSSL_version(OPENSSL_VERSION)));
 
     /*
      * Version number of OpenSSL the ruby OpenSSL extension was built with
--- ruby-2.4.2-orig/ext/openssl/ossl.h	2016-12-01 01:41:46.000000000 +1100
+++ ruby-2.4.2/ext/openssl/ossl.h	2017-10-14 17:14:53.060910657 +1100
@@ -35,6 +35,11 @@
 #if !defined(OPENSSL_NO_OCSP)
 #  include <openssl/ocsp.h>
 #endif
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/evp.h>
+#include <openssl/dh.h>
 
 /*
  * Common Module
--- ruby-2.4.2-orig/ext/openssl/ossl_cipher.c	2017-08-03 23:43:01.000000000 +1000
+++ ruby-2.4.2/ext/openssl/ossl_cipher.c	2017-10-14 17:14:10.245740284 +1100
@@ -513,8 +513,8 @@
     GetCipher(self, ctx);
 
 #if defined(HAVE_AUTHENTICATED_ENCRYPTION)
-    if (EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER)
-	iv_len = (int)(VALUE)EVP_CIPHER_CTX_get_app_data(ctx);
+    if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER)
+      iv_len = (int)(VALUE)EVP_CIPHER_CTX_get_app_data(ctx);
 #endif
     if (!iv_len)
 	iv_len = EVP_CIPHER_CTX_iv_length(ctx);
@@ -542,7 +542,7 @@
     GetCipher(self, ctx);
 
 #if defined(HAVE_AUTHENTICATED_ENCRYPTION)
-    return (EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER) ? Qtrue : Qfalse;
+    return (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER) ? Qtrue : Qfalse;
 #else
     return Qfalse;
 #endif
@@ -617,7 +617,7 @@
 
     GetCipher(self, ctx);
 
-    if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER))
+    if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
 	ossl_raise(eCipherError, "authentication tag not supported by this cipher");
 
     ret = rb_str_new(NULL, tag_len);
@@ -654,7 +654,7 @@
     tag_len = RSTRING_LENINT(vtag);
 
     GetCipher(self, ctx);
-    if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER))
+    if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
 	ossl_raise(eCipherError, "authentication tag not supported by this cipher");
 
     if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, tag))
@@ -681,7 +681,7 @@
     EVP_CIPHER_CTX *ctx;
 
     GetCipher(self, ctx);
-    if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER))
+    if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
 	ossl_raise(eCipherError, "AEAD not supported by this cipher");
 
     if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, tag_len, NULL))
@@ -708,7 +708,7 @@
     EVP_CIPHER_CTX *ctx;
 
     GetCipher(self, ctx);
-    if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER))
+    if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER))
 	ossl_raise(eCipherError, "cipher does not support AEAD");
 
     if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, len, NULL))
@@ -807,7 +807,7 @@
 
     GetCipher(self, ctx);
 #if defined(HAVE_AUTHENTICATED_ENCRYPTION)
-    if (EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_FLAG_AEAD_CIPHER)
+    if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_FLAG_AEAD_CIPHER)
 	len = (int)(VALUE)EVP_CIPHER_CTX_get_app_data(ctx);
 #endif
     if (!len)
--- ruby-2.4.2-orig/ext/openssl/ossl_engine.c	2016-12-10 19:12:02.000000000 +1100
+++ ruby-2.4.2/ext/openssl/ossl_engine.c	2017-10-14 17:12:42.740390541 +1100
@@ -53,7 +53,7 @@
 #define OSSL_ENGINE_LOAD_IF_MATCH(x) \
 do{\
   if(!strcmp(#x, RSTRING_PTR(name))){\
-    ENGINE_load_##x();\
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_##x, NULL); \
     return Qtrue;\
   }\
 }while(0)
@@ -99,7 +99,7 @@
     StringValueCStr(name);
 #ifndef OPENSSL_NO_STATIC_ENGINE
 #if HAVE_ENGINE_LOAD_DYNAMIC
-    OSSL_ENGINE_LOAD_IF_MATCH(dynamic);
+    OSSL_ENGINE_LOAD_IF_MATCH(DYNAMIC);
 #endif
 #if HAVE_ENGINE_LOAD_4758CCA
     OSSL_ENGINE_LOAD_IF_MATCH(4758cca);
@@ -126,10 +126,10 @@
     OSSL_ENGINE_LOAD_IF_MATCH(ubsec);
 #endif
 #if HAVE_ENGINE_LOAD_PADLOCK
-    OSSL_ENGINE_LOAD_IF_MATCH(padlock);
+    OSSL_ENGINE_LOAD_IF_MATCH(PADLOCK);
 #endif
 #if HAVE_ENGINE_LOAD_CAPI
-    OSSL_ENGINE_LOAD_IF_MATCH(capi);
+    OSSL_ENGINE_LOAD_IF_MATCH(CAPI);
 #endif
 #if HAVE_ENGINE_LOAD_GMP
     OSSL_ENGINE_LOAD_IF_MATCH(gmp);
@@ -138,7 +138,7 @@
     OSSL_ENGINE_LOAD_IF_MATCH(gost);
 #endif
 #if HAVE_ENGINE_LOAD_CRYPTODEV
-    OSSL_ENGINE_LOAD_IF_MATCH(cryptodev);
+    OSSL_ENGINE_LOAD_IF_MATCH(CRYPTODEV);
 #endif
 #if HAVE_ENGINE_LOAD_AESNI
     OSSL_ENGINE_LOAD_IF_MATCH(aesni);
@@ -147,7 +147,7 @@
 #ifdef HAVE_ENGINE_LOAD_OPENBSD_DEV_CRYPTO
     OSSL_ENGINE_LOAD_IF_MATCH(openbsd_dev_crypto);
 #endif
-    OSSL_ENGINE_LOAD_IF_MATCH(openssl);
+    OSSL_ENGINE_LOAD_IF_MATCH(OPENSSL);
     rb_warning("no such builtin loader for `%"PRIsVALUE"'", name);
     return Qnil;
 #endif /* HAVE_ENGINE_LOAD_BUILTIN_ENGINES */
@@ -165,7 +165,6 @@
 static VALUE
 ossl_engine_s_cleanup(VALUE self)
 {
-    ENGINE_cleanup();
     return Qnil;
 }
 
--- ruby-2.4.2-orig/ext/openssl/ossl_x509cert.c	2017-09-09 00:38:12.000000000 +1000
+++ ruby-2.4.2/ext/openssl/ossl_x509cert.c	2017-10-14 17:32:44.932029602 +1100
@@ -478,7 +478,7 @@
 
     GetX509(self, x509);
     asn1time = ossl_x509_time_adjust(NULL, time);
-    if (!X509_set_notBefore(x509, asn1time)) {
+    if (!X509_set1_notBefore(x509, asn1time)) {
 	ASN1_TIME_free(asn1time);
 	ossl_raise(eX509CertError, "X509_set_notBefore");
     }
@@ -517,7 +517,7 @@
 
     GetX509(self, x509);
     asn1time = ossl_x509_time_adjust(NULL, time);
-    if (!X509_set_notAfter(x509, asn1time)) {
+    if (!X509_set1_notAfter(x509, asn1time)) {
 	ASN1_TIME_free(asn1time);
 	ossl_raise(eX509CertError, "X509_set_notAfter");
     }
--- ruby-2.4.2-orig/ext/openssl/ossl_x509crl.c	2017-09-09 00:38:12.000000000 +1000
+++ ruby-2.4.2/ext/openssl/ossl_x509crl.c	2017-10-14 17:34:03.985323274 +1100
@@ -237,7 +237,7 @@
 
     GetX509CRL(self, crl);
     asn1time = ossl_x509_time_adjust(NULL, time);
-    if (!X509_CRL_set_lastUpdate(crl, asn1time)) {
+    if (!X509_CRL_set1_lastUpdate(crl, asn1time)) {
 	ASN1_TIME_free(asn1time);
 	ossl_raise(eX509CRLError, "X509_CRL_set_lastUpdate");
     }
@@ -264,7 +264,7 @@
 
     GetX509CRL(self, crl);
     asn1time = ossl_x509_time_adjust(NULL, time);
-    if (!X509_CRL_set_nextUpdate(crl, asn1time)) {
+    if (!X509_CRL_set1_nextUpdate(crl, asn1time)) {
 	ASN1_TIME_free(asn1time);
 	ossl_raise(eX509CRLError, "X509_CRL_set_nextUpdate");
     }