diff --git a/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c.sav b/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c
--- a/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c.sav
+++ b/usr.sbin/rpc.tlsclntd/rpc.tlsclntd.c
@@ -299,7 +299,9 @@
 	rpctls_syscall(RPCTLS_SYSC_CLSHUTDOWN, "");
 
 	SSL_CTX_free(rpctls_ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	EVP_cleanup();
+#endif
 	return (0);
 }
 
@@ -480,9 +482,11 @@
 	size_t len, rlen;
 	int ret;
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	SSL_library_init();
 	SSL_load_error_strings();
 	OpenSSL_add_all_algorithms();
+#endif
 
 	ctx = SSL_CTX_new(TLS_client_method());
 	if (ctx == NULL) {
@@ -490,7 +494,9 @@
 		    "failed\n");
 		return (NULL);
 	}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	SSL_CTX_set_ecdh_auto(ctx, 1);
+#endif
 
 	if (rpctls_ciphers != NULL) {
 		/*
@@ -551,7 +557,7 @@
 				return (NULL);
 			}
 		}
-#if OPENSSL_VERSION_NUMBER >= 0x30000000
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
 		ret = 1;
 		if (rpctls_verify_cafile != NULL)
 			ret = SSL_CTX_load_verify_file(ctx,
@@ -686,7 +692,11 @@
 		return (NULL);
 	}
 
+#if OPENSSL_VERSION_NUMBER > 0x30000000L
+	cert = SSL_get1_peer_certificate(ssl);
+#else
 	cert = SSL_get_peer_certificate(ssl);
+#endif
 	if (cert == NULL) {
 		rpctls_verbose_out("rpctls_connect: get peer"
 		    " certificate failed\n");
diff --git a/usr.sbin/rpc.tlsservd/rpc.tlsservd.c.sav b/usr.sbin/rpc.tlsservd/rpc.tlsservd.c
--- a/usr.sbin/rpc.tlsservd/rpc.tlsservd.c.sav
+++ b/usr.sbin/rpc.tlsservd/rpc.tlsservd.c
@@ -416,7 +416,9 @@
 	rpctls_svc_run();
 
 	SSL_CTX_free(rpctls_ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	EVP_cleanup();
+#endif
 	return (0);
 }
 
@@ -652,16 +654,20 @@
 	size_t len, rlen;
 	int ret;
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	SSL_library_init();
 	SSL_load_error_strings();
 	OpenSSL_add_all_algorithms();
+#endif
 
 	ctx = SSL_CTX_new(TLS_server_method());
 	if (ctx == NULL) {
 		rpctls_verbose_out("rpctls_setup_ssl: SSL_CTX_new failed\n");
 		return (NULL);
 	}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	SSL_CTX_set_ecdh_auto(ctx, 1);
+#endif
 
 	if (rpctls_ciphers != NULL) {
 		/*
@@ -733,7 +739,7 @@
 					return (NULL);
 				}
 			}
-#if OPENSSL_VERSION_NUMBER >= 0x30000000
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
 			ret = 1;
 			if (rpctls_verify_cafile != NULL)
 				ret = SSL_CTX_load_verify_file(ctx,
@@ -811,7 +817,11 @@
 		    SSL_get_cipher(ssl));
 	}
 	if (rpctls_do_mutual) {
+#if OPENSSL_VERSION_NUMBER > 0x30000000L
+		cert = SSL_get1_peer_certificate(ssl);
+#else
 		cert = SSL_get_peer_certificate(ssl);
+#endif
 		if (cert != NULL) {
 			if (!rpctls_verbose) {
 				gethostret = rpctls_gethost(s, sad, hostnam,