diff --git a/src/ssl/support.cc b/src/ssl/support.cc

index 3ad135d..73912ce 100644

--- a/src/ssl/support.cc

+++ b/src/ssl/support.cc

@@ -557,7 +557,11 @@ Ssl::VerifyCallbackParameters::At(Security::Connection &sconn)

 }

 // "dup" function for SSL_get_ex_new_index("cert_err_check")

-#if SQUID_USE_CONST_CRYPTO_EX_DATA_DUP

+#if OPENSSL_VERSION_MAJOR >= 3

+static int

+ssl_dupAclChecklist(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void **,

+                    int, long, void *)

+#elif SQUID_USE_CONST_CRYPTO_EX_DATA_DUP

 static int

 ssl_dupAclChecklist(CRYPTO_EX_DATA *, const CRYPTO_EX_DATA *, void *,

                     int, long, void *)

diff --git a/src/security/PeerOptions.cc b/src/security/PeerOptions.cc

index cf1d4ba..4346ba5 100644

--- a/src/security/PeerOptions.cc

+++ b/src/security/PeerOptions.cc

@@ -297,130 +297,130 @@ static struct ssl_option {

 } ssl_options[] = {

-#if SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG

+#ifdef SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG

     {

         "NETSCAPE_REUSE_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG

     },

 #endif

-#if SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG

+#ifdef SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG

     {

         "SSLREF2_REUSE_CERT_TYPE_BUG", SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG

     },

 #endif

-#if SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER

+#ifdef SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER

     {

         "MICROSOFT_BIG_SSLV3_BUFFER", SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER

     },

 #endif

-#if SSL_OP_SSLEAY_080_CLIENT_DH_BUG

+#ifdef SSL_OP_SSLEAY_080_CLIENT_DH_BUG

     {

         "SSLEAY_080_CLIENT_DH_BUG", SSL_OP_SSLEAY_080_CLIENT_DH_BUG

     },

 #endif

-#if SSL_OP_TLS_D5_BUG

+#ifdef SSL_OP_TLS_D5_BUG

     {

         "TLS_D5_BUG", SSL_OP_TLS_D5_BUG

     },

 #endif

-#if SSL_OP_TLS_BLOCK_PADDING_BUG

+#ifdef SSL_OP_TLS_BLOCK_PADDING_BUG

     {

         "TLS_BLOCK_PADDING_BUG", SSL_OP_TLS_BLOCK_PADDING_BUG

     },

 #endif

-#if SSL_OP_TLS_ROLLBACK_BUG

+#ifdef SSL_OP_TLS_ROLLBACK_BUG

     {

         "TLS_ROLLBACK_BUG", SSL_OP_TLS_ROLLBACK_BUG

     },

 #endif

-#if SSL_OP_ALL

+#ifdef SSL_OP_ALL

     {

         "ALL", (long)SSL_OP_ALL

     },

 #endif

-#if SSL_OP_SINGLE_DH_USE

+#ifdef SSL_OP_SINGLE_DH_USE

     {

         "SINGLE_DH_USE", SSL_OP_SINGLE_DH_USE

     },

 #endif

-#if SSL_OP_EPHEMERAL_RSA

+#ifdef SSL_OP_EPHEMERAL_RSA

     {

         "EPHEMERAL_RSA", SSL_OP_EPHEMERAL_RSA

     },

 #endif

-#if SSL_OP_PKCS1_CHECK_1

+#ifdef SSL_OP_PKCS1_CHECK_1

     {

         "PKCS1_CHECK_1", SSL_OP_PKCS1_CHECK_1

     },

 #endif

-#if SSL_OP_PKCS1_CHECK_2

+#ifdef SSL_OP_PKCS1_CHECK_2

     {

         "PKCS1_CHECK_2", SSL_OP_PKCS1_CHECK_2

     },

 #endif

-#if SSL_OP_NETSCAPE_CA_DN_BUG

+#ifdef SSL_OP_NETSCAPE_CA_DN_BUG

     {

         "NETSCAPE_CA_DN_BUG", SSL_OP_NETSCAPE_CA_DN_BUG

     },

 #endif

-#if SSL_OP_NON_EXPORT_FIRST

+#ifdef SSL_OP_NON_EXPORT_FIRST

     {

         "NON_EXPORT_FIRST", SSL_OP_NON_EXPORT_FIRST

     },

 #endif

-#if SSL_OP_CIPHER_SERVER_PREFERENCE

+#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE

     {

         "CIPHER_SERVER_PREFERENCE", SSL_OP_CIPHER_SERVER_PREFERENCE

     },

 #endif

-#if SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG

+#ifdef SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG

     {

         "NETSCAPE_DEMO_CIPHER_CHANGE_BUG", SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG

     },

 #endif

-#if SSL_OP_NO_SSLv3

+#ifdef SSL_OP_NO_SSLv3

     {

         "NO_SSLv3", SSL_OP_NO_SSLv3

     },

 #endif

-#if SSL_OP_NO_TLSv1

+#ifdef SSL_OP_NO_TLSv1

     {

         "NO_TLSv1", SSL_OP_NO_TLSv1

     },

 #else

     { "NO_TLSv1", 0 },

 #endif

-#if SSL_OP_NO_TLSv1_1

+#ifdef SSL_OP_NO_TLSv1_1

     {

         "NO_TLSv1_1", SSL_OP_NO_TLSv1_1

     },

 #else

     { "NO_TLSv1_1", 0 },

 #endif

-#if SSL_OP_NO_TLSv1_2

+#ifdef SSL_OP_NO_TLSv1_2

     {

         "NO_TLSv1_2", SSL_OP_NO_TLSv1_2

     },

 #else

     { "NO_TLSv1_2", 0 },

 #endif

-#if SSL_OP_NO_TLSv1_3

+#ifdef SSL_OP_NO_TLSv1_3

     {

         "NO_TLSv1_3", SSL_OP_NO_TLSv1_3

     },

 #else

     { "NO_TLSv1_3", 0 },

 #endif

-#if SSL_OP_NO_COMPRESSION

+#ifdef SSL_OP_NO_COMPRESSION

     {

         "No_Compression", SSL_OP_NO_COMPRESSION

     },

 #endif

-#if SSL_OP_NO_TICKET

+#ifdef SSL_OP_NO_TICKET

     {

         "NO_TICKET", SSL_OP_NO_TICKET

     },

 #endif

-#if SSL_OP_SINGLE_ECDH_USE

+#ifdef SSL_OP_SINGLE_ECDH_USE

     {

         "SINGLE_ECDH_USE", SSL_OP_SINGLE_ECDH_USE

     },

@@ -512,7 +512,7 @@ Security::PeerOptions::parseOptions()

     }

-#if SSL_OP_NO_SSLv2

+#ifdef SSL_OP_NO_SSLv2

     // compliance with RFC 6176: Prohibiting Secure Sockets Layer (SSL) Version 2.0

     op = op | SSL_OP_NO_SSLv2;

 #endif