diff -Naur stunnel-5.43.orig/src/common.h stunnel-5.43/src/common.h
--- stunnel-5.43.orig/src/common.h	2017-01-02 14:27:26.000000000 +0000
+++ stunnel-5.43/src/common.h	2017-11-06 13:42:39.940942240 +0000
@@ -448,7 +448,7 @@
 #define OPENSSL_NO_TLS1_2
 #endif /* OpenSSL older than 1.0.1 || defined(OPENSSL_NO_TLS1) */
 
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 #ifndef OPENSSL_NO_SSL2
 #define OPENSSL_NO_SSL2
 #endif /* !defined(OPENSSL_NO_SSL2) */
@@ -474,7 +474,7 @@
 #include <openssl/des.h>
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
-#if OPENSSL_VERSION_NUMBER<0x10100000L
+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
 #endif /* OpenSSL older than 1.1.0 */
 #endif /* !defined(OPENSSL_NO_DH) */
diff -Naur stunnel-5.43.orig/src/ctx.c stunnel-5.43/src/ctx.c
--- stunnel-5.43.orig/src/ctx.c	2017-08-17 09:18:53.000000000 +0000
+++ stunnel-5.43/src/ctx.c	2017-11-06 13:47:55.571861529 +0000
@@ -295,7 +295,7 @@
 
 #ifndef OPENSSL_NO_DH
 
-#if OPENSSL_VERSION_NUMBER<0x10100000L
+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 NOEXPORT STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx) {
     return ctx->cipher_list;
 }
@@ -398,7 +398,7 @@
 /**************************************** initialize OpenSSL CONF */
 
 NOEXPORT int conf_init(SERVICE_OPTIONS *section) {
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
     SSL_CONF_CTX *cctx;
     NAME_LIST *curr;
     char *cmd, *param;
diff -Naur stunnel-5.43.orig/src/options.c stunnel-5.43/src/options.c
--- stunnel-5.43.orig/src/options.c	2017-10-16 18:38:47.000000000 +0000
+++ stunnel-5.43/src/options.c	2017-11-06 13:46:18.630650320 +0000
@@ -3656,7 +3656,7 @@
     }
 #endif
     /* engines can add new algorithms */
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
     OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS|
         OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
 #else
diff -Naur stunnel-5.43.orig/src/ssl.c stunnel-5.43/src/ssl.c
--- stunnel-5.43.orig/src/ssl.c	2017-10-07 14:23:08.000000000 +0000
+++ stunnel-5.43/src/ssl.c	2017-11-06 13:42:39.940942240 +0000
@@ -51,7 +51,7 @@
 int index_session_authenticated, index_session_connect_address;
 
 int ssl_init(void) { /* init TLS before parsing configuration file */
-#if OPENSSL_VERSION_NUMBER>=0x10100000L
+#if OPENSSL_VERSION_NUMBER>=0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
     OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
         OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_LOAD_CONFIG, NULL);
 #else
@@ -87,7 +87,7 @@
 }
 
 #ifndef OPENSSL_NO_DH
-#if OPENSSL_VERSION_NUMBER<0x10100000L
+#if OPENSSL_VERSION_NUMBER<0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 /* this is needed for dhparam.c generated with OpenSSL >= 1.1.0
  * to be linked against the older versions */
 int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) {
diff -Naur stunnel-5.43.orig/src/sthreads.c stunnel-5.43/src/sthreads.c
--- stunnel-5.43.orig/src/sthreads.c	2017-08-17 09:18:53.000000000 +0000
+++ stunnel-5.43/src/sthreads.c	2017-11-06 13:42:39.940942240 +0000
@@ -216,7 +216,7 @@
 
 struct CRYPTO_dynlock_value stunnel_locks[STUNNEL_LOCKS];
 
-#if OPENSSL_VERSION_NUMBER<0x10100004L
+#if OPENSSL_VERSION_NUMBER<0x10100004L || defined(LIBRESSL_VERSION_NUMBER)
 #define CRYPTO_THREAD_lock_new() CRYPTO_get_new_dynlockid()
 #endif
 
diff -Naur stunnel-5.43.orig/src/verify.c stunnel-5.43/src/verify.c
--- stunnel-5.43.orig/src/verify.c	2017-05-13 09:01:07.000000000 +0000
+++ stunnel-5.43/src/verify.c	2017-11-06 13:46:56.317566128 +0000
@@ -51,7 +51,7 @@
 NOEXPORT int verify_callback(int, X509_STORE_CTX *);
 NOEXPORT int verify_checks(CLI *, int, X509_STORE_CTX *);
 NOEXPORT int cert_check(CLI *, X509_STORE_CTX *, int);
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
 NOEXPORT int cert_check_subject(CLI *, X509_STORE_CTX *);
 #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
 NOEXPORT int cert_check_local(X509_STORE_CTX *);
@@ -285,7 +285,7 @@
     }
 
     if(depth==0) { /* additional peer certificate checks */
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
         if(!cert_check_subject(c, callback_ctx))
             return 0; /* reject */
 #endif /* OPENSSL_VERSION_NUMBER>=0x10002000L */
@@ -296,7 +296,7 @@
     return 1; /* accept */
 }
 
-#if OPENSSL_VERSION_NUMBER>=0x10002000L
+#if OPENSSL_VERSION_NUMBER>=0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
 NOEXPORT int cert_check_subject(CLI *c, X509_STORE_CTX *callback_ctx) {
     X509 *cert=X509_STORE_CTX_get_current_cert(callback_ctx);
     NAME_LIST *ptr;
@@ -353,7 +353,7 @@
     cert=X509_STORE_CTX_get_current_cert(callback_ctx);
     subject=X509_get_subject_name(cert);
 
-#if OPENSSL_VERSION_NUMBER<0x10100006L
+#if OPENSSL_VERSION_NUMBER<0x10100006L || defined(LIBRESSL_VERSION_NUMBER)
 #define X509_STORE_CTX_get1_certs X509_STORE_get1_certs
 #endif
     /* modern API allows retrieving multiple matching certificates */