diff --git a/cherokee-openssl-1.1.patch b/cherokee-openssl-1.1.patch
new file mode 100644
index 0000000..583427d
--- /dev/null
+++ b/cherokee-openssl-1.1.patch
@@ -0,0 +1,263 @@
+diff -uNr webserver-1.2.104.orig/cherokee/cryptor_libssl.c webserver-1.2.104/cherokee/cryptor_libssl.c
+--- webserver-1.2.104.orig/cherokee/cryptor_libssl.c 2014-04-01 19:12:48.000000001 +0200
++++ webserver-1.2.104/cherokee/cryptor_libssl.c 2017-12-13 15:58:01.423061177 +0100
+@@ -53,6 +53,8 @@
+ static DH *dh_param_2048 = NULL;
+ static DH *dh_param_4096 = NULL;
++
++#include "cryptor_libssl_compat.h"
++
+ #include "cryptor_libssl_dh_512.c"
+ #include "cryptor_libssl_dh_1024.c"
+ #include "cryptor_libssl_dh_2048.c"
+@@ -238,13 +240,13 @@
+ /* SSL_set_SSL_CTX() only change certificates. We need to
+ * changes more options by hand.
+ */
+- SSL_set_options(ssl, SSL_CTX_get_options(ssl->ctx));
++ SSL_set_options(ssl, SSL_CTX_get_options(ctx));
+
+ if ((SSL_get_verify_mode(ssl) == SSL_VERIFY_NONE) ||
+ (SSL_num_renegotiations(ssl) == 0)) {
+
+- SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ssl->ctx),
+- SSL_CTX_get_verify_callback(ssl->ctx));
++ SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx),
++ SSL_CTX_get_verify_callback(ctx));
+ }
+
+ return ret_ok;
+@@ -790,11 +792,13 @@
+ }
+ #endif
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ /* Disable Ciphers renegotiation (CVE-2009-3555)
+ */
+ if (cryp->session->s3) {
+ cryp->session->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
+ }
++#endif
+
+ return ret_ok;
+ }
+@@ -1330,10 +1334,15 @@
+
+ /* Init OpenSSL
+ */
+- OPENSSL_config (NULL);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ OPENSSL_config(NULL);
+ SSL_library_init();
+ SSL_load_error_strings();
+ OpenSSL_add_all_algorithms();
++#else
++ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
++ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
++#endif
+
+ /* Ensure PRNG has been seeded with enough data
+ */
+diff -uNr webserver-1.2.104.orig/cherokee/cryptor_libssl_compat.h webserver-1.2.104/cherokee/cryptor_libssl_compat.h
+--- webserver-1.2.104.orig/cherokee/cryptor_libssl_compat.h 1970-01-01 01:00:00.000000000 +0100
++++ webserver-1.2.104/cherokee/cryptor_libssl_compat.h 2017-12-13 15:59:58.323961657 +0100
+@@ -0,0 +1,36 @@
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#include
++#include
++
++int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
++{
++ /* If the fields p and g in d are NULL, the corresponding input
++ * parameters MUST be non-NULL. q may remain NULL.
++ */
++
++ if ((dh->p == NULL && p == NULL)
++ || (dh->g == NULL && g == NULL))
++ return 0;
++
++ if (p != NULL) {
++ BN_free(dh->p);
++ dh->p = p;
++ }
++
++ if (q != NULL) {
++ BN_free(dh->q);
++ dh->q = q;
++ }
++
++ if (g != NULL) {
++ BN_free(dh->g);
++ dh->g = g;
++ }
++
++ if (q != NULL) {
++ dh->length = BN_num_bits(q);
++ }
++
++ return 1;
++}
++#endif
+diff -uNr webserver-1.2.104.orig/cherokee/cryptor_libssl_dh_1024.c webserver-1.2.104/cherokee/cryptor_libssl_dh_1024.c
+--- webserver-1.2.104.orig/cherokee/cryptor_libssl_dh_1024.c 2014-04-01 19:12:48.000000001 +0200
++++ webserver-1.2.104/cherokee/cryptor_libssl_dh_1024.c 2017-12-13 16:02:28.923256922 +0100
+@@ -2,9 +2,10 @@
+ #ifndef HEADER_DH_H
+ #include
+ #endif
++
+ static DH *get_dh1024()
+ {
+- static unsigned char dh1024_p[]={
++ static unsigned char dhp_1024[]={
+ 0x85,0x08,0xFF,0x6C,0xC1,0x0C,0x23,0x55,0xC5,0xF8,0x3D,0x47,
+ 0x6F,0x23,0x36,0xDA,0x98,0xF3,0xE4,0x56,0xCD,0xA0,0xF3,0x02,
+ 0x18,0xB0,0xCB,0xD2,0x92,0x4B,0xDC,0x76,0x2B,0x24,0x2B,0x20,
+@@ -17,16 +18,20 @@
+ 0xF4,0xB8,0xB7,0x5B,0xEF,0x7E,0x06,0x43,0x2A,0x8E,0x33,0x69,
+ 0x71,0x65,0x35,0xBF,0xCB,0xCD,0xB0,0x5B,
+ };
+- static unsigned char dh1024_g[]={
++ static unsigned char dhg_1024[]={
+ 0x02,
+ };
+ DH *dh;
++ BIGNUM *dhp_bn, *dhg_bn;
+
+ if ((dh=DH_new()) == NULL) return(NULL);
+- dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
+- dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL)) {
+- DH_free(dh); return(NULL);
++ dhp_bn = BN_bin2bn(dhp_1024, sizeof (dhp_1024), NULL);
++ dhg_bn = BN_bin2bn(dhg_1024, sizeof (dhg_1024), NULL);
++ if (!DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
++ DH_free(dh);
++ BN_free(dhp_bn);
++ BN_free(dhg_bn);
++ return(NULL);
+ }
+ return(dh);
+ }
+diff -uNr webserver-1.2.104.orig/cherokee/cryptor_libssl_dh_2048.c webserver-1.2.104/cherokee/cryptor_libssl_dh_2048.c
+--- webserver-1.2.104.orig/cherokee/cryptor_libssl_dh_2048.c 2014-04-01 19:12:48.000000001 +0200
++++ webserver-1.2.104/cherokee/cryptor_libssl_dh_2048.c 2017-12-13 16:04:12.800391307 +0100
+@@ -2,9 +2,10 @@
+ #ifndef HEADER_DH_H
+ #include
+ #endif
++
+ static DH *get_dh2048()
+ {
+- static unsigned char dh2048_p[]={
++ static unsigned char dhp_2048[]={
+ 0xC8,0xF1,0xD4,0x48,0xB6,0x11,0x5B,0x2B,0x9E,0x3D,0xE4,0x49,
+ 0x0A,0xC4,0x8A,0x0B,0xFF,0xAC,0x09,0x4F,0x88,0x91,0x08,0xB8,
+ 0x7D,0x71,0xB7,0x7D,0x87,0x44,0x09,0x70,0x15,0xFF,0x0C,0xAF,
+@@ -28,16 +29,20 @@
+ 0x7C,0x83,0xB9,0x40,0x7A,0x2E,0xA4,0x1D,0x85,0x68,0x69,0x66,
+ 0xF8,0xAA,0x70,0x6B,
+ };
+- static unsigned char dh2048_g[]={
++ static unsigned char dhg_2048[]={
+ 0x02,
+ };
+ DH *dh;
++ BIGNUM *dhp_bn, *dhg_bn;
+
+ if ((dh=DH_new()) == NULL) return(NULL);
+- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL)) {
+- DH_free(dh); return(NULL);
++ dhp_bn = BN_bin2bn(dhp_2048, sizeof (dhp_2048), NULL);
++ dhg_bn = BN_bin2bn(dhg_2048, sizeof (dhg_2048), NULL);
++ if (!DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
++ DH_free(dh);
++ BN_free(dhp_bn);
++ BN_free(dhg_bn);
++ return(NULL);
+ }
+ return(dh);
+ }
+diff -uNr webserver-1.2.104.orig/cherokee/cryptor_libssl_dh_4096.c webserver-1.2.104/cherokee/cryptor_libssl_dh_4096.c
+--- webserver-1.2.104.orig/cherokee/cryptor_libssl_dh_4096.c 2014-04-01 19:12:48.000000001 +0200
++++ webserver-1.2.104/cherokee/cryptor_libssl_dh_4096.c 2017-12-13 16:05:26.805062197 +0100
+@@ -2,9 +2,10 @@
+ #ifndef HEADER_DH_H
+ #include
+ #endif
++
+ static DH *get_dh4096()
+ {
+- static unsigned char dh4096_p[]={
++ static unsigned char dhp_4096[]={
+ 0xD2,0xB2,0x5E,0x24,0x83,0x8E,0x04,0x17,0x39,0xAB,0x99,0x5A,
+ 0xAB,0x0C,0x15,0x3C,0x95,0xE0,0xE4,0x48,0x3F,0xE4,0x22,0x48,
+ 0xCA,0x19,0xCA,0xD0,0x9E,0xA7,0x09,0xD0,0x97,0x0F,0x31,0x49,
+@@ -49,16 +50,20 @@
+ 0xE9,0xD3,0x8C,0x4A,0x7C,0x49,0x36,0x84,0xBF,0xD0,0xE0,0x45,
+ 0x2C,0x74,0xC9,0x6D,0x09,0xDE,0xA1,0x33,
+ };
+- static unsigned char dh4096_g[]={
++ static unsigned char dhg_4096[]={
+ 0x02,
+ };
+ DH *dh;
++ BIGNUM *dhp_bn, *dhg_bn;
+
+ if ((dh=DH_new()) == NULL) return(NULL);
+- dh->p=BN_bin2bn(dh4096_p,sizeof(dh4096_p),NULL);
+- dh->g=BN_bin2bn(dh4096_g,sizeof(dh4096_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL)) {
+- DH_free(dh); return(NULL);
++ dhp_bn = BN_bin2bn(dhp_4096, sizeof (dhp_4096), NULL);
++ dhg_bn = BN_bin2bn(dhg_4096, sizeof (dhg_4096), NULL);
++ if (!DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
++ DH_free(dh);
++ BN_free(dhp_bn);
++ BN_free(dhg_bn);
++ return(NULL);
+ }
+ return(dh);
+ }
+diff -uNr webserver-1.2.104.orig/cherokee/cryptor_libssl_dh_512.c webserver-1.2.104/cherokee/cryptor_libssl_dh_512.c
+--- webserver-1.2.104.orig/cherokee/cryptor_libssl_dh_512.c 2014-04-01 19:12:48.000000001 +0200
++++ webserver-1.2.104/cherokee/cryptor_libssl_dh_512.c 2017-12-13 16:06:32.248886838 +0100
+@@ -2,9 +2,10 @@
+ #ifndef HEADER_DH_H
+ #include
+ #endif
++
+ static DH *get_dh512()
+ {
+- static unsigned char dh512_p[]={
++ static unsigned char dhp_512[]={
+ 0xED,0x78,0x7E,0x95,0xB9,0x05,0xD5,0x00,0x38,0xC6,0x6B,0x49,
+ 0x78,0x22,0x78,0x43,0x8D,0xCC,0xF9,0x83,0x18,0xBB,0x6E,0xFE,
+ 0xCD,0x90,0xC3,0x84,0xA8,0x5C,0x04,0x84,0xEB,0x85,0x1D,0x5B,
+@@ -12,16 +13,19 @@
+ 0xA5,0xA7,0x10,0x7D,0x43,0x1B,0x6F,0xAD,0xA8,0xA1,0xB0,0xD3,
+ 0xD9,0x23,0xD1,0x83,
+ };
+- static unsigned char dh512_g[]={
++ static unsigned char dhg_512[]={
+ 0x02,
+ };
+ DH *dh;
++ BIGNUM *dhp_bn, *dhg_bn;
+
+ if ((dh=DH_new()) == NULL) return(NULL);
+- dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+- dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL)) {
+- DH_free(dh); return(NULL);
++ dhp_bn = BN_bin2bn(dhp_512, sizeof (dhp_512), NULL);
++ dhg_bn = BN_bin2bn(dhg_512, sizeof (dhg_512), NULL);
++ if (!DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
++ DH_free(dh);
++ BN_free(dhp_bn);
++ BN_free(dhg_bn);
+ }
+ return(dh);
+ }
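Review bot: In the cryptor_libssl_dh_512.c hunk the `DH_set0_pqg` failure branch frees `dh` and both BIGNUMs but, unlike the matching branches in the 1024/2048/4096 files (whose hunks grow by 20 lines where this one grows by 19), has no `return(NULL);`, so control falls through to `return(dh);` and the caller receives a pointer to a freed DH. Add `return(NULL);` after `BN_free(dhg_bn);` so the error path matches get_dh1024/get_dh2048/get_dh4096. Separately, the new `#if OPENSSL_VERSION_NUMBER < 0x10100000L` guard around the SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS block in cryptor_libssl.c drops the CVE-2009-3555 mitigation entirely on 1.1.x with nothing in its place; where the library defines it, `#ifdef SSL_OP_NO_RENEGOTIATION` / `SSL_set_options(ssl, SSL_OP_NO_RENEGOTIATION);` in the `#else` branch would keep client-initiated renegotiation disabled. The compat header also defines a non-static `DH_set0_pqg` with no include guard, which only links cleanly while it is included from a single translation unit — a comment stating that, or making it `static`, would prevent a duplicate-symbol surprise later.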