--- a/src/lib-dcrypt/dcrypt-openssl.c
+++ b/src/lib-dcrypt/dcrypt-openssl.c
@@ -20,6 +20,7 @@
 #include <openssl/engine.h>
 #include <openssl/hmac.h>
 #include <openssl/objects.h>
+#include <openssl/bn.h>
 #include "dcrypt.h"
 #include "dcrypt-private.h"
 
--- a/src/lib-ssl-iostream/dovecot-openssl-common.c
+++ b/src/lib-ssl-iostream/dovecot-openssl-common.c
@@ -63,9 +63,11 @@ void dovecot_openssl_common_global_ref(v
 		/*i_warning("CRYPTO_set_mem_functions() was called too late");*/
 	}
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	SSL_library_init();
 	SSL_load_error_strings();
 	OpenSSL_add_all_algorithms();
+#endif
 }
 
 bool dovecot_openssl_common_global_unref(void)
@@ -79,6 +81,7 @@ bool dovecot_openssl_common_global_unref
 		ENGINE_finish(dovecot_openssl_engine);
 		dovecot_openssl_engine = NULL;
 	}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	/* OBJ_cleanup() is called automatically by EVP_cleanup() in
 	   newer versions. Doesn't hurt to call it anyway. */
 	OBJ_cleanup();
@@ -101,6 +104,7 @@ bool dovecot_openssl_common_global_unref
 #ifdef HAVE_OPENSSL_CLEANUP
 	OPENSSL_cleanup();
 #endif
+#endif
 	return FALSE;
 }
 
--- a/src/lib-ssl-iostream/iostream-openssl-context.c
+++ b/src/lib-ssl-iostream/iostream-openssl-context.c
@@ -6,6 +6,9 @@
 #include "dovecot-openssl-common.h"
 
 #include <openssl/crypto.h>
+#include <openssl/rsa.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #include <openssl/ssl.h>
@@ -514,8 +517,10 @@ ssl_proxy_ctx_set_crypto_params(SSL_CTX
 	int nid;
 	const char *curve_name;
 #endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	if (SSL_CTX_need_tmp_RSA(ssl_ctx) != 0)
 		SSL_CTX_set_tmp_rsa_callback(ssl_ctx, ssl_gen_rsa_key);
+#endif
 	if (set->dh == NULL || *set->dh == '\0')
 		SSL_CTX_set_tmp_dh_callback(ssl_ctx, ssl_tmp_dh_callback);
 #ifdef HAVE_ECDH