diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs
index 40d51498..95c0fe92 100644
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@@ -293,6 +293,7 @@ pub const NID_key_usage:     c_int = 83;
 
 pub const PKCS5_SALT_LEN: c_int = 8;
 
+pub const SSL_CTRL_SET_TMP_DH: c_int = 3;
 pub const SSL_CTRL_OPTIONS: c_int = 32;
 pub const SSL_CTRL_MODE: c_int = 33;
 pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77;
@@ -535,6 +536,10 @@ pub unsafe fn SSL_CTX_set_read_ahead(ctx: *mut SSL_CTX, m: c_long) -> c_long {
     SSL_CTX_ctrl(ctx, SSL_CTRL_SET_READ_AHEAD, m, ptr::null_mut())
 }
 
+pub unsafe fn SSL_CTX_set_tmp_dh(ctx: *mut SSL_CTX, dh: *mut DH) -> c_long {
+    SSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_DH, 0, dh as *mut c_void)
+}
+
 pub unsafe fn SSL_CTX_set_tlsext_servername_callback(ctx: *mut SSL_CTX,
                                                      cb: Option<extern "C" fn()>)
                                                      -> c_long {
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 385fab85..21764bfb 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -516,7 +516,7 @@ impl SslContext {
     }
 
     pub fn set_tmp_dh(&mut self, dh: DH) -> Result<(), ErrorStack> {
-        wrap_ssl_result(unsafe { ffi_extras::SSL_CTX_set_tmp_dh(self.ctx, dh.raw()) as i32 })
+        wrap_ssl_result(unsafe { ffi::SSL_CTX_set_tmp_dh(self.ctx, dh.raw()) as i32 })
     }
 
     /// Use the default locations of trusted certificates for verification.