diff --git a/src/lib/ecore_con/efl_net_ssl_conn-openssl.c b/src/lib/ecore_con/efl_net_ssl_conn-openssl.c index 3ecabea3e7..88bb3bc204 100644 --- a/src/lib/ecore_con/efl_net_ssl_conn-openssl.c +++ b/src/lib/ecore_con/efl_net_ssl_conn-openssl.c @@ -33,10 +33,16 @@ static int efl_net_socket_bio_create(BIO *b) { +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + BIO_set_init(b, 1); + BIO_set_data(b, NULL); + BIO_set_flags(b, 0); +#else b->init = 1; b->num = 0; b->ptr = NULL; b->flags = 0; +#endif return 1; } @@ -44,9 +50,15 @@ static int efl_net_socket_bio_destroy(BIO *b) { if (!b) return 0; +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + BIO_set_init(b, 0); + BIO_set_data(b, NULL); + BIO_set_flags(b, 0); +#else b->init = 0; b->ptr = NULL; b->flags = 0; +#endif return 1; } @@ -57,7 +69,11 @@ efl_net_socket_bio_read(BIO *b, char *buf, int len) .mem = buf, .len = len }; +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + Eo *sock = BIO_get_data(b); +#else Eo *sock = b->ptr; +#endif Eina_Error err; if ((!buf) || (len <= 0)) return 0; @@ -89,7 +105,11 @@ efl_net_socket_bio_write(BIO *b, const char *buf, int len) .mem = buf, .len = len }; +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + Eo *sock = BIO_get_data(b); +#else Eo *sock = b->ptr; +#endif Eina_Error err; if ((!buf) || (len <= 0)) return 0; 
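Review bot: In the OpenSSL 1.1.0+ branch of efl_net_socket_bio_create, `BIO_set_flags(b, 0);` is not equivalent to the old `b->flags = 0;`. BIO_set_flags() ORs its argument into the existing flag word, so passing 0 leaves the flags untouched. If the intent is to reset them, use `BIO_clear_flags(b, ~0);`, or drop the call if a freshly created BIO is expected to carry no flags anyway. The same line is added to the new branch of efl_net_socket_bio_destroy in the next hunk.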
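Review bot: The guard `#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)` around `Eo *sock = BIO_get_data(b);` in efl_net_socket_bio_read is repeated verbatim in efl_net_socket_bio_write and at every other BIO access this commit touches. Other files in the same commit use the inverted condition. Evaluating the test once near the top of the file and providing static inline fallbacks for BIO_get_data()/BIO_set_data()/BIO_set_init() on the old struct-based API would leave a single code path at each call site. That makes a mistyped or misplaced guard much less likely in code that sits directly on the TLS data path. Both functions continue outside their hunks.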
@@ -129,17 +149,39 @@ efl_net_socket_bio_puts(BIO *b, const char *str) return efl_net_socket_bio_write(b, str, strlen(str)); } -static BIO_METHOD efl_net_socket_bio = { - 0x400, /* 0x400 means source & sink */ - "efl_net_socket wrapper", - efl_net_socket_bio_write, - efl_net_socket_bio_read, - efl_net_socket_bio_puts, - NULL, /* no gets */ - efl_net_socket_bio_ctrl, - efl_net_socket_bio_create, - efl_net_socket_bio_destroy -}; +static BIO_METHOD * +__efl_net_socket_bio_get(void) +{ +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + static BIO_METHOD *efl_net_socket_bio = NULL; + + if (efl_net_socket_bio) return efl_net_socket_bio; + efl_net_socket_bio = BIO_meth_new(0x400 /* 0x400 means source & sink */, + "efl_net_socket wrapper"); + BIO_meth_set_write(efl_net_socket_bio, efl_net_socket_bio_write); + BIO_meth_set_read(efl_net_socket_bio, efl_net_socket_bio_read); + BIO_meth_set_puts(efl_net_socket_bio, efl_net_socket_bio_puts); + BIO_meth_set_ctrl(efl_net_socket_bio, efl_net_socket_bio_ctrl); + BIO_meth_set_create(efl_net_socket_bio, efl_net_socket_bio_create); + BIO_meth_set_destroy(efl_net_socket_bio, efl_net_socket_bio_destroy); + // FIXME: some day we need to clean up, but for now a singleton alloc is ok + // BIO_meth_free(efl_net_socket_bio); + return efl_net_socket_bio; +#else + static BIO_METHOD efl_net_socket_bio = { + 0x400, /* 0x400 means source & sink */ + "efl_net_socket wrapper", + efl_net_socket_bio_write, + efl_net_socket_bio_read, + efl_net_socket_bio_puts, + NULL, /* no gets */ + efl_net_socket_bio_ctrl, + efl_net_socket_bio_create, + efl_net_socket_bio_destroy + }; + return &efl_net_socket_bio; +#endif +} struct _Efl_Net_Ssl_Conn { 
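Review bot: In the 1.1.0+ branch of `__efl_net_socket_bio_get`, the result of BIO_meth_new() is stored in the static pointer and handed to the BIO_meth_set_*() calls without a NULL check, so an allocation failure is dereferenced rather than reported. The static is also assigned before the callbacks are installed, so a second caller arriving during initialisation would get a method table with no read/write handlers; whether connection setup can run on more than one thread is not visible here. Building the table in a local and publishing it only when complete narrows that window, though a real once-guard is still needed if setup is multi-threaded. The `BIO_new(__efl_net_socket_bio_get())` call in efl_net_ssl_conn_setup then has to treat a NULL method as an error before calling BIO_new(). Separately, OpenSSL 1.1.0 provides BIO_get_new_index() for custom BIO types instead of the bare `0x400`, and identifiers starting with a double underscore are reserved for the implementation.

```c
   static BIO_METHOD *efl_net_socket_bio = NULL;
   BIO_METHOD *meth;

   if (efl_net_socket_bio) return efl_net_socket_bio;
   meth = BIO_meth_new(0x400 /* 0x400 means source & sink */,
                       "efl_net_socket wrapper");
   if (!meth) return NULL;
   // … unchanged: the six BIO_meth_set_*() calls, now applied to meth …
   efl_net_socket_bio = meth; /* publish only once fully configured */
   return efl_net_socket_bio;
```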
@@ -314,10 +356,14 @@ efl_net_ssl_conn_setup(Efl_Net_Ssl_Conn *conn, Eina_Bool is_dialer, Efl_Net_Sock conn->ssl = efl_net_ssl_context_connection_new(context); EINA_SAFETY_ON_NULL_RETURN_VAL(conn->ssl, ENOSYS); - conn->bio = BIO_new(&efl_net_socket_bio); + conn->bio = BIO_new(__efl_net_socket_bio_get()); EINA_SAFETY_ON_NULL_GOTO(conn->bio, error_bio); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + BIO_set_data(conn->bio, sock); +#else conn->bio->ptr = sock; +#endif SSL_set_bio(conn->ssl, conn->bio, conn->bio); if (is_dialer) diff --git a/src/lib/ecore_con/efl_net_ssl_ctx-openssl.c b/src/lib/ecore_con/efl_net_ssl_ctx-openssl.c index 12614c728b..ce87b91bee 100644 --- a/src/lib/ecore_con/efl_net_ssl_ctx-openssl.c +++ b/src/lib/ecore_con/efl_net_ssl_ctx-openssl.c @@ -272,6 +272,7 @@ efl_net_ssl_ctx_setup(Efl_Net_Ssl_Ctx *ctx, Efl_Net_Ssl_Ctx_Config cfg) ERR("ssl_ctx=%p SSLv3 is disabled in your OpenSSL build", ctx); #endif break; +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) case EFL_NET_SSL_CIPHER_TLSV1: ctx->ssl_ctx = SSL_CTX_new(TLSv1_client_method()); break; @@ -281,6 +282,7 @@ efl_net_ssl_ctx_setup(Efl_Net_Ssl_Ctx *ctx, Efl_Net_Ssl_Ctx_Config cfg) case EFL_NET_SSL_CIPHER_TLSV1_2: ctx->ssl_ctx = SSL_CTX_new(TLSv1_2_client_method()); break; +#endif default: ERR("ssl_ctx=%p unsupported cipher %d", ctx, cfg.cipher); return EINVAL; @@ -302,6 +304,7 @@ efl_net_ssl_ctx_setup(Efl_Net_Ssl_Ctx *ctx, Efl_Net_Ssl_Ctx_Config cfg) ERR("ssl_ctx=%p SSLv3 is disabled in your OpenSSL build", ctx); #endif break; +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) case EFL_NET_SSL_CIPHER_TLSV1: ctx->ssl_ctx = SSL_CTX_new(TLSv1_server_method()); break; 
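Review bot: In efl_net_ssl_ctx_setup, on OpenSSL 1.1.0+ everything from `case EFL_NET_SSL_CIPHER_TLSV1:` to the `break` after `TLSv1_2_client_method()` is compiled out of the client switch. A caller that pins one of those versions now reaches `default:` and gets `EINVAL` with "unsupported cipher", so it can no longer require TLS 1.2 on newer OpenSSL. The 1.1.0 replacement for the version-specific methods is the generic method plus an explicit version bound, e.g. `ctx->ssl_ctx = SSL_CTX_new(TLS_client_method());` followed by `SSL_CTX_set_min_proto_version(ctx->ssl_ctx, TLS1_2_VERSION);` and the matching `SSL_CTX_set_max_proto_version()` call. The server switch guarded in the following hunks of this file and the `EMILE_TLSv1` cases in emile_cipher_openssl.c have the same gap. The function continues outside these hunks.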
@@ -311,6 +314,7 @@ efl_net_ssl_ctx_setup(Efl_Net_Ssl_Ctx *ctx, Efl_Net_Ssl_Ctx_Config cfg) case EFL_NET_SSL_CIPHER_TLSV1_2: ctx->ssl_ctx = SSL_CTX_new(TLSv1_2_server_method()); break; +#endif default: ERR("ssl_ctx=%p unsupported cipher %d", ctx, cfg.cipher); return EINVAL; diff --git a/src/lib/eet/eet_cipher.c b/src/lib/eet/eet_cipher.c index cf9ef71a56..ea4880edcb 100644 --- a/src/lib/eet/eet_cipher.c +++ b/src/lib/eet/eet_cipher.c @@ -475,7 +475,11 @@ eet_identity_sign(FILE *fp, gnutls_datum_t signum = { NULL, 0 }; gnutls_privkey_t privkey; # else /* ifdef HAVE_GNUTLS */ +# if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + EVP_MD_CTX *md_ctx; +# else EVP_MD_CTX md_ctx; +# endif unsigned int sign_len = 0; int cert_len = 0; # endif /* ifdef HAVE_GNUTLS */ @@ -561,12 +565,24 @@ eet_identity_sign(FILE *fp, } /* Do the signature. */ +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + md_ctx = EVP_MD_CTX_new(); + EVP_SignInit(md_ctx, EVP_sha1()); + EVP_SignUpdate(md_ctx, data, st_buf.st_size); + err = EVP_SignFinal(md_ctx, + sign, + (unsigned int *)&sign_len, + key->private_key); + EVP_MD_CTX_free(md_ctx); +#else EVP_SignInit(&md_ctx, EVP_sha1()); EVP_SignUpdate(&md_ctx, data, st_buf.st_size); err = EVP_SignFinal(&md_ctx, sign, (unsigned int *)&sign_len, key->private_key); + EVP_MD_CTX_cleanup(&md_ctx); +#endif if (err != 1) { ERR_print_errors_fp(stdout); @@ -738,7 +754,11 @@ eet_identity_check(const void *data_base, const unsigned char *tmp; EVP_PKEY *pkey; X509 *x509; +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + EVP_MD_CTX *md_ctx; +#else EVP_MD_CTX md_ctx; +#endif int err; /* Strange but d2i_X509 seems to put 0 all over the place. */ 
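Review bot: In the new branch of eet_identity_sign, `md_ctx = EVP_MD_CTX_new();` is used without a NULL check, and the results of EVP_SignInit() and EVP_SignUpdate() are discarded, so only EVP_SignFinal() can report a failure. Add `if (!md_ctx)` directly after the allocation and leave through the function's existing error path, which lies outside this hunk. Consider folding the init/update return values into `err` as well, so a failed digest setup cannot go unnoticed. The same unchecked EVP_MD_CTX_new() is added to eet_identity_check, where the context feeds signature verification of file data. It is also added to emile_binbuf_sha1, which still ends in `return EINA_TRUE;` whatever the digest calls returned.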
@@ -757,9 +777,18 @@ eet_identity_check(const void *data_base, } /* Verify the signature */ +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + md_ctx = EVP_MD_CTX_new(); + EVP_VerifyInit(md_ctx, EVP_sha1()); + EVP_VerifyUpdate(md_ctx, data_base, data_length); + err = EVP_VerifyFinal(md_ctx, sign, sign_len, pkey); + EVP_MD_CTX_free(md_ctx); +#else EVP_VerifyInit(&md_ctx, EVP_sha1()); EVP_VerifyUpdate(&md_ctx, data_base, data_length); err = EVP_VerifyFinal(&md_ctx, sign, sign_len, pkey); + EVP_MD_CTX_cleanup(&md_ctx); +#endif X509_free(x509); EVP_PKEY_free(pkey); diff --git a/src/lib/emile/emile_cipher_openssl.c b/src/lib/emile/emile_cipher_openssl.c index efd9324a5c..9e0cc04422 100644 --- a/src/lib/emile/emile_cipher_openssl.c +++ b/src/lib/emile/emile_cipher_openssl.c @@ -75,6 +75,16 @@ emile_binbuf_sha1(const Eina_Binbuf * data, unsigned char digest[20]) { const EVP_MD *md = EVP_sha1(); Eina_Slice slice = eina_binbuf_slice_get(data); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + EVP_MD_CTX *ctx = EVP_MD_CTX_new(); + + EVP_DigestInit_ex(ctx, md, NULL); + + EVP_DigestUpdate(ctx, slice.mem, slice.len); + EVP_DigestFinal_ex(ctx, digest, NULL); + + EVP_MD_CTX_free(ctx); +#else EVP_MD_CTX ctx; EVP_MD_CTX_init(&ctx); @@ -84,6 +94,7 @@ emile_binbuf_sha1(const Eina_Binbuf * data, unsigned char digest[20]) EVP_DigestFinal_ex(&ctx, digest, NULL); EVP_MD_CTX_cleanup(&ctx); +#endif return EINA_TRUE; } @@ -308,9 +319,11 @@ emile_cipher_server_listen(Emile_Cipher_Type t) SSL_CTX_set_options(r->ssl_ctx, options | SSL_OP_NO_SSLv2 | SSL_OP_SINGLE_DH_USE); break; +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) case EMILE_TLSv1: r->ssl_ctx = SSL_CTX_new(TLSv1_server_method()); break; +#endif default: free(r); return NULL; 
@@ -754,8 +767,10 @@ emile_cipher_server_connect(Emile_Cipher_Type t) options | SSL_OP_NO_SSLv2 | SSL_OP_SINGLE_DH_USE); break; case EMILE_TLSv1: +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) r->ssl_ctx = SSL_CTX_new(TLSv1_client_method()); break; +#endif default: free(r); return NULL;
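Review bot: In emile_cipher_server_connect the `case EMILE_TLSv1:` label is left outside the version guard, while in emile_cipher_server_listen the label is inside it. On OpenSSL 1.1.0+ this still ends in `free(r); return NULL;`, but only because the now-empty case happens to sit directly above `default:`. Any case later inserted between the two would silently inherit TLSv1 requests. Move the `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)` line above `case EMILE_TLSv1:` so both functions read alike, or keep the label and add a comment such as `/* TLSv1-only method removed in OpenSSL 1.1.0: reject */`. The switch starts outside this hunk.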