diff --git a/src/config.c b/src/config.c
index da629177976efdd763d7298a72c931835b86d748..4521a6dc6c7b3ee2eef56b36eb07301d89c8d138 100644
--- a/src/config.c
+++ b/src/config.c
@@ -132,7 +132,7 @@ int parse_min_tls(const char *str)
 		return TLS1_1_VERSION;
 	case '2':
 		return TLS1_2_VERSION;
-#if OPENSSL_VERSION_NUMBER < 0x020000000L
+#ifdef TLS1_3_VERSION
 	/*
 	 * libressl uses version numbers starting with major version 2
 	 * but does not yet support TLS 1.3
diff --git a/src/tunnel.c b/src/tunnel.c
index 02532393af2da7b7641a249e0b7045d8ebc9323a..6333d0d8dbe820cf55eb28f8a7763ca93348c24f 100644
--- a/src/tunnel.c
+++ b/src/tunnel.c
@@ -55,6 +55,11 @@
 #include <systemd/sd-daemon.h>
 #endif
 
+// we use this constant in the source, so define a fallback if not defined
+#ifndef OPENSSL_API_COMPAT
+#define OPENSSL_API_COMPAT 0x0908000L
+#endif
+
 struct ofv_varr {
 	unsigned cap;		// current capacity
 	unsigned off;		// next slot to write, always < max(cap - 1, 1)
@@ -720,10 +725,13 @@ int ssl_connect(struct tunnel *tunnel)
 	if (tunnel->ssl_socket == -1)
 		return 1;
 
+	// registration is deprecated from openssl 1.1.0 onwards
+#if OPENSSL_API_COMPAT < 0x10100000L
 	// Register the error strings for libcrypto & libssl
 	SSL_load_error_strings();
 	// Register the available ciphers and digests
 	SSL_library_init();
+#endif
 
 	tunnel->ssl_context = SSL_CTX_new(SSLv23_client_method());
 	if (tunnel->ssl_context == NULL) {