diff --git a/CHANGES b/CHANGES
index 206a095..2717581 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+master
+
+ * Require OpenSSL 1.1.0+
+
 wrk 4.0.2
 
  * Send hostname using TLS SNI.
diff --git a/Makefile b/Makefile
index a4276d3..167cf19 100644
--- a/Makefile
+++ b/Makefile
@@ -74,7 +74,7 @@ $(ODIR)/%.o : %.c
 LUAJIT  := $(notdir $(patsubst %.tar.gz,%,$(wildcard deps/LuaJIT*.tar.gz)))
 OPENSSL := $(notdir $(patsubst %.tar.gz,%,$(wildcard deps/openssl*.tar.gz)))
 
-OPENSSL_OPTS = no-shared no-ssl2 no-psk no-srp no-dtls no-idea --prefix=$(abspath $(ODIR))
+OPENSSL_OPTS = no-shared no-psk no-srp no-dtls no-idea --prefix=$(abspath $(ODIR))
 
 $(ODIR)/$(LUAJIT):  deps/$(LUAJIT).tar.gz  | $(ODIR)
 	@tar -C $(ODIR) -xf $<
@@ -93,7 +93,10 @@ ifeq ($(TARGET), darwin)
 else
 	@$(SHELL) -c "cd $< && ./config $(OPENSSL_OPTS)"
 endif
-	@$(MAKE) -C $< depend install
+	@$(MAKE) -C $< depend
+	@$(MAKE) -C $<
+	@$(MAKE) -C $< install_sw
+	@touch $@
 
 # ------------
 
diff --git a/deps/openssl-1.0.2g.tar.gz b/deps/openssl-1.0.2g.tar.gz
deleted file mode 100644
index 315ad62..0000000
Binary files a/deps/openssl-1.0.2g.tar.gz and /dev/null differ
diff --git a/deps/openssl-1.1.0d.tar.gz b/deps/openssl-1.1.0d.tar.gz
new file mode 100644
index 0000000..5c1b14c
Binary files /dev/null and b/deps/openssl-1.1.0d.tar.gz differ
diff --git a/src/ssl.c b/src/ssl.c
index a4a88c4..fb191d5 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -8,21 +8,6 @@
 
 #include "ssl.h"
 
-static pthread_mutex_t *locks;
-
-static void ssl_lock(int mode, int n, const char *file, int line) {
-    pthread_mutex_t *lock = &locks[n];
-    if (mode & CRYPTO_LOCK) {
-        pthread_mutex_lock(lock);
-    } else {
-        pthread_mutex_unlock(lock);
-    }
-}
-
-static unsigned long ssl_id() {
-    return (unsigned long) pthread_self();
-}
-
 SSL_CTX *ssl_init() {
     SSL_CTX *ctx = NULL;
 
@@ -30,20 +15,11 @@ SSL_CTX *ssl_init() {
     SSL_library_init();
     OpenSSL_add_all_algorithms();
 
-    if ((locks = calloc(CRYPTO_num_locks(), sizeof(pthread_mutex_t)))) {
-        for (int i = 0; i < CRYPTO_num_locks(); i++) {
-            pthread_mutex_init(&locks[i], NULL);
-        }
-
-        CRYPTO_set_locking_callback(ssl_lock);
-        CRYPTO_set_id_callback(ssl_id);
-
-        if ((ctx = SSL_CTX_new(SSLv23_client_method()))) {
-            SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
-            SSL_CTX_set_verify_depth(ctx, 0);
-            SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
-            SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT);
-        }
+    if ((ctx = SSL_CTX_new(SSLv23_client_method()))) {
+        SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
+        SSL_CTX_set_verify_depth(ctx, 0);
+        SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
+        SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT);
     }
 
     return ctx;