--- a/mysys_ssl/my_aes_openssl.cc
+++ b/mysys_ssl/my_aes_openssl.cc
@@ -108,33 +108,54 @@ int my_aes_encrypt(const unsigned char *source, uint32 source_length, const unsigned char *key, uint32 key_length, enum my_aes_opmode mode, const unsigned char *iv) {
- EVP_CIPHER_CTX ctx;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ EVP_CIPHER_CTX ctx_value;
+ EVP_CIPHER_CTX *ctx= &ctx_value;
+#else
+ EVP_CIPHER_CTX *ctx= EVP_CIPHER_CTX_new();
+ if (unlikely(!ctx))
+ return MY_AES_BAD_DATA;
+#endif
 const EVP_CIPHER *cipher= aes_evp_type(mode);
 int u_len, f_len; /* The real key to be used for encryption */
 unsigned char rkey[MAX_AES_KEY_LENGTH / 8];
 my_aes_create_key(key, key_length, rkey, mode);
- if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
+ if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0
+ && EVP_CIPHER_mode(cipher) != EVP_CIPH_ECB_MODE && !iv))
+ {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ EVP_CIPHER_CTX_free(ctx);
+#endif
 return MY_AES_BAD_DATA;
+ }
- if (!EVP_EncryptInit(&ctx, cipher, rkey, iv))
+ if (!EVP_EncryptInit(ctx, cipher, rkey, iv))
 goto aes_error; /* Error */
- if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
+ if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
 goto aes_error; /* Error */
- if (!EVP_EncryptUpdate(&ctx, dest, &u_len, source, source_length))
+ if (!EVP_EncryptUpdate(ctx, dest, &u_len, source, source_length))
 goto aes_error; /* Error */
- if (!EVP_EncryptFinal(&ctx, dest + u_len, &f_len))
+ if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len))
 goto aes_error; /* Error */
- EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ EVP_CIPHER_CTX_cleanup(ctx);
+#else
+ EVP_CIPHER_CTX_free(ctx);
+#endif
 return u_len + f_len;
 aes_error: /* need to explicitly clean up the error if we want to ignore it */
 ERR_clear_error();
- EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ EVP_CIPHER_CTX_cleanup(ctx);
+#else
+ EVP_CIPHER_CTX_free(ctx);
+#endif
 return MY_AES_BAD_DATA;
 }
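Review bot: The early-return cleanup under `#if OPENSSL_VERSION_NUMBER >= 0x10100000L` is keyed differently from the allocation above it, which places `ctx` on the stack whenever `LIBRESSL_VERSION_NUMBER` is defined; LibreSSL reports `OPENSSL_VERSION_NUMBER` as 0x20000000L, so on a LibreSSL build the `!cipher`/missing-iv path calls `EVP_CIPHER_CTX_free()` on `&ctx_value`, a stack address. The guard should be the exact negation of the allocation condition, `#if !(OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))`, or better a single file-level feature macro tested at every site in this file so the branches cannot drift. The decrypt hunk at @@ -153,27 has the same mismatch, and the decrypt allocation hunk at @@ -145,7 drops the LibreSSL clause altogether, so there a LibreSSL build allocates with `EVP_CIPHER_CTX_new()` while both the success and `aes_error` paths only `EVP_CIPHER_CTX_cleanup()` it, leaking the context on every call. A comment at the declaration such as `/* ctx lives on the stack below 1.1.0 and on LibreSSL, on the heap otherwise; every exit must match */` would make the pairing reviewable.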
@@ -145,7 +166,14 @@ int my_aes_decrypt(const unsigned char *source, uint32 source_length, enum my_aes_opmode mode, const unsigned char *iv) {
- EVP_CIPHER_CTX ctx;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_CIPHER_CTX ctx_value;
+ EVP_CIPHER_CTX *ctx= &ctx_value;
+#else
+ EVP_CIPHER_CTX *ctx= EVP_CIPHER_CTX_new();
+ if (unlikely(!ctx))
+ return MY_AES_BAD_DATA;
+#endif
 const EVP_CIPHER *cipher= aes_evp_type(mode);
 int u_len, f_len;
@@ -153,27 +181,41 @@ int my_aes_decrypt(const unsigned char *source, uint32 source_length,
 unsigned char rkey[MAX_AES_KEY_LENGTH / 8];
 my_aes_create_key(key, key_length, rkey, mode);
- if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
+ if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0
+ && EVP_CIPHER_mode(cipher) != EVP_CIPH_ECB_MODE && !iv))
+ {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ EVP_CIPHER_CTX_free(ctx);
+#endif
 return MY_AES_BAD_DATA;
+ }
- EVP_CIPHER_CTX_init(&ctx);
+ EVP_CIPHER_CTX_init(ctx);
- if (!EVP_DecryptInit(&ctx, aes_evp_type(mode), rkey, iv))
+ if (!EVP_DecryptInit(ctx, aes_evp_type(mode), rkey, iv))
 goto aes_error; /* Error */
- if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
+ if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
 goto aes_error; /* Error */
- if (!EVP_DecryptUpdate(&ctx, dest, &u_len, source, source_length))
+ if (!EVP_DecryptUpdate(ctx, dest, &u_len, source, source_length))
 goto aes_error; /* Error */
- if (!EVP_DecryptFinal_ex(&ctx, dest + u_len, &f_len))
+ if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len))
 goto aes_error; /* Error */
- EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ EVP_CIPHER_CTX_cleanup(ctx);
+#else
+ EVP_CIPHER_CTX_free(ctx);
+#endif
 return u_len + f_len;
 aes_error: /* need to explicitly clean up the error if we want to ignore it */
 ERR_clear_error();
- EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ EVP_CIPHER_CTX_cleanup(ctx);
+#else
+ EVP_CIPHER_CTX_free(ctx);
+#endif
 return MY_AES_BAD_DATA;
 }
--- a/sql-common/client.c
+++ b/sql-common/client.c
@@ -1968,7 +1968,11 @@ static int ssl_verify_server_cert(Vio *vio, const char* server_hostname, const c
 goto error;
 }
- cn= (char *) ASN1_STRING_data(cn_asn1);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ cn= (const char *) ASN1_STRING_data(cn_asn1);
+#else
+ cn= (const char *) ASN1_STRING_get0_data(cn_asn1);
+#endif
 // There should not be any NULL embedded in the CN
 if ((size_t)ASN1_STRING_length(cn_asn1) != strlen(cn))
--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
@@ -1252,7 +1252,7 @@ char *opt_ssl_ca= NULL, *opt_ssl_capath= NULL, *opt_ssl_cert= NULL,
 #ifdef HAVE_OPENSSL
 #include
-#ifndef HAVE_YASSL
+#if !defined(HAVE_YASSL) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
 typedef struct CRYPTO_dynlock_value
 {
 mysql_rwlock_t lock;
@@ -2021,7 +2021,7 @@ static void clean_up_mutexes()
 mysql_mutex_destroy(&LOCK_connection_count);
 #ifdef HAVE_OPENSSL
 mysql_mutex_destroy(&LOCK_des_key_file);
-#ifndef HAVE_YASSL
+#if !defined(HAVE_YASSL) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
 for (int i= 0; i < CRYPTO_num_locks(); ++i)
 mysql_rwlock_destroy(&openssl_stdlocks[i].lock);
 OPENSSL_free(openssl_stdlocks);
@@ -4242,7 +4242,7 @@ static int init_thread_environment()
 #ifdef HAVE_OPENSSL
 mysql_mutex_init(key_LOCK_des_key_file, &LOCK_des_key_file, MY_MUTEX_INIT_FAST);
-#ifndef HAVE_YASSL
+#if !defined(HAVE_YASSL) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
 openssl_stdlocks= (openssl_lock_t*) OPENSSL_malloc(CRYPTO_num_locks() * sizeof(openssl_lock_t));
 for (int i= 0; i < CRYPTO_num_locks(); ++i)
@@ -4285,7 +4285,8 @@ static int init_thread_environment()
 }
-#if defined(HAVE_OPENSSL) && !defined(HAVE_YASSL)
+#if defined(HAVE_OPENSSL) && !defined(HAVE_YASSL) && \
+ (OPENSSL_VERSION_NUMBER < 0x10100000L)
 static unsigned long openssl_id_function()
 {
 return (unsigned long) pthread_self();
--- a/vio/vio.c
+++ b/vio/vio.c
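Review bot: The four mysqld.cc guards test only `OPENSSL_VERSION_NUMBER < 0x10100000L`, whereas my_aes_openssl.cc, client.c and vio.c in this same commit also treat `defined(LIBRESSL_VERSION_NUMBER)` as the pre-1.1 API. LibreSSL defines `OPENSSL_VERSION_NUMBER` as 0x20000000L, so a LibreSSL build now compiles out the dynlock typedef, `openssl_stdlocks` and `openssl_id_function()`; whether LibreSSL still relies on the CRYPTO locking callbacks for thread safety needs confirming before they are dropped, and any reference to these symbols outside the shown guards would fail to compile on that build. The two viossl.c guards at @@ -380,7 and @@ -403,7 have the same shape. The predicate belongs in one shared header, e.g. `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)` followed by `#define HAVE_OPENSSL_LEGACY_API 1` (name is a placeholder), with every file testing that macro instead of repeating the version arithmetic.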
@@ -383,8 +383,10 @@ void vio_end(void)
 #if defined(HAVE_YASSL)
 yaSSL_CleanUp();
 #elif defined(HAVE_OPENSSL)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 // This one is needed on the client side
 ERR_remove_state(0);
+#endif
 ERR_free_strings();
 EVP_cleanup();
 CRYPTO_cleanup_all_ex_data();
--- a/vio/viossl.c
+++ b/vio/viossl.c
@@ -380,7 +380,8 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio,
 my_socket sd= mysql_socket_getfd(vio->mysql_socket); /* Declared here to make compiler happy */
-#if !defined(HAVE_YASSL) && !defined(DBUG_OFF)
+#if !defined(HAVE_YASSL) && !defined(DBUG_OFF) && \
+ (OPENSSL_VERSION_NUMBER < 0x10100000L)
 int j, n;
 #endif
@@ -403,7 +404,9 @@ static int ssl_do(struct st_VioSSLFd *ptr, Vio *vio,
 sk_SSL_COMP_zero(SSL_COMP_get_compression_methods());
 #endif
-#if !defined(HAVE_YASSL) && !defined(DBUG_OFF)
+#if !defined(HAVE_YASSL) && !defined(DBUG_OFF) && \
+ (OPENSSL_VERSION_NUMBER < 0x10100000L)
+ {
 STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
 ssl_comp_methods = SSL_COMP_get_compression_methods();
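Review bot: The new guard in `vio_end()` covers only `ERR_remove_state(0)` and leaves `ERR_free_strings()`, `EVP_cleanup()` and `CRYPTO_cleanup_all_ex_data()` outside it, but in OpenSSL 1.1.0 and later all three are no-op compatibility macros that exist only while `OPENSSL_API_COMPAT` is below 0x10100000L, because the library deinitialises itself at exit. Moving the `#endif` to just after `CRYPTO_cleanup_all_ex_data();` keeps the 1.1 path of this function explicitly empty and means a later `OPENSSL_API_COMPAT` bump cannot break the build here. An `#else` side with `/* OpenSSL 1.1+ and later deinitialise themselves; nothing to release here */` would document why the branch is empty.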