diff --git a/openssl-sys/Cargo.toml b/openssl-sys/Cargo.toml
index 1153dd5a..3b76c416 100644
--- a/openssl-sys/Cargo.toml
+++ b/openssl-sys/Cargo.toml
@@ -9,6 +9,7 @@ repository = "https://github.com/sfackler/rust-openssl"
 readme = "README.md"
 categories = ["cryptography", "external-ffi-bindings"]
 links = "openssl"
+build = "build/main.rs"
 
 [dependencies]
 libc = "0.2"
diff --git a/openssl-sys/build/cfgs.rs b/openssl-sys/build/cfgs.rs
new file mode 100644
index 00000000..3e063aa3
--- /dev/null
+++ b/openssl-sys/build/cfgs.rs
@@ -0,0 +1,45 @@
+pub fn get(openssl_version: Option<u64>, libressl_version: Option<u64>) -> Vec<&'static str> {
+    let mut cfgs = vec![];
+
+    if let Some(libressl_version) = libressl_version {
+        cfgs.push("libressl");
+
+        if libressl_version >= 0x2_05_01_00_0 {
+            cfgs.push("libressl251");
+        }
+
+        if libressl_version >= 0x2_06_01_00_0 {
+            cfgs.push("libressl261");
+        }
+
+        if libressl_version >= 0x2_07_00_00_0 {
+            cfgs.push("libressl270");
+        }
+    } else {
+        let openssl_version = openssl_version.unwrap();
+
+        if openssl_version >= 0x1_00_02_08_0 {
+            cfgs.push("ossl102h");
+        }
+
+        if openssl_version >= 0x1_01_00_07_0 {
+            cfgs.push("ossl110g");
+        }
+
+        if openssl_version >= 0x1_01_01_00_0 {
+            cfgs.push("ossl111");
+            cfgs.push("ossl110");
+        } else if openssl_version >= 0x1_01_00_06_0 {
+            cfgs.push("ossl110");
+            cfgs.push("ossl110f");
+        } else if openssl_version >= 0x1_01_00_00_0 {
+            cfgs.push("ossl110");
+        } else if openssl_version >= 0x1_00_02_00_0 {
+            cfgs.push("ossl102");
+        } else if openssl_version >= 0x1_00_01_00_0 {
+            cfgs.push("ossl101");
+        }
+    }
+
+    cfgs
+}
diff --git a/openssl-sys/build.rs b/openssl-sys/build/main.rs
similarity index 95%
rename from openssl-sys/build.rs
rename to openssl-sys/build/main.rs
index c5630556..e2b3108c 100644
--- a/openssl-sys/build.rs
+++ b/openssl-sys/build/main.rs
@@ -11,6 +11,8 @@ use std::io::{BufWriter, Write};
 use std::path::{Path, PathBuf};
 use std::process::Command;
 
+mod cfgs;
+
 // The set of `OPENSSL_NO_<FOO>`s that we care about.
 const DEFINES: &'static [&'static str] = &[
     "OPENSSL_NO_BUF_FREELISTS",
@@ -114,7 +116,7 @@ fn find_openssl_dir(target: &str) -> OsString {
         if homebrew.exists() {
             return homebrew.to_path_buf().into();
         }
-        // Calling `brew --prefix <package>` command usually slow and 
+        // Calling `brew --prefix <package>` command usually slow and
         // takes seconds, and will be used only as a last resort.
         let output = execute_command_and_get_output("brew", &["--prefix", "openssl@1.1"]);
         if let Some(ref output) = output {
@@ -427,6 +429,10 @@ See rust-openssl README for more information:
     }
     println!("cargo:conf={}", enabled.join(","));
 
+    for cfg in cfgs::get(openssl_version, libressl_version) {
+        println!("cargo:rustc-cfg={}", cfg);
+    }
+
     if let Some(libressl_version) = libressl_version {
         println!("cargo:libressl_version_number={:x}", libressl_version);
 
@@ -445,8 +451,6 @@ See rust-openssl README for more information:
             _ => version_error(),
         };
 
-        println!("cargo:rustc-cfg=libressl");
-        println!("cargo:rustc-cfg=libressl2{}{}", minor, fix);
         println!("cargo:libressl=true");
         println!("cargo:libressl_version=2{}{}", minor, fix);
         println!("cargo:version=101");
@@ -455,37 +459,22 @@ See rust-openssl README for more information:
         let openssl_version = openssl_version.unwrap();
         println!("cargo:version_number={:x}", openssl_version);
 
-        if openssl_version >= 0x1_00_02_08_0 {
-            println!("cargo:rustc-cfg=ossl102h");
-        }
-
-        if openssl_version >= 0x1_01_00_07_0 {
-            println!("cargo:rustc-cfg=ossl110g");
-        }
-
         if openssl_version >= 0x1_01_02_00_0 {
             version_error()
         } else if openssl_version >= 0x1_01_01_00_0 {
-            println!("cargo:rustc-cfg=ossl111");
-            println!("cargo:rustc-cfg=ossl110");
             println!("cargo:version=111");
             Version::Openssl11x
         } else if openssl_version >= 0x1_01_00_06_0 {
-            println!("cargo:rustc-cfg=ossl110");
-            println!("cargo:rustc-cfg=ossl110f");
             println!("cargo:version=110");
             println!("cargo:patch=f");
             Version::Openssl11x
         } else if openssl_version >= 0x1_01_00_00_0 {
-            println!("cargo:rustc-cfg=ossl110");
             println!("cargo:version=110");
             Version::Openssl11x
         } else if openssl_version >= 0x1_00_02_00_0 {
-            println!("cargo:rustc-cfg=ossl102");
             println!("cargo:version=102");
             Version::Openssl10x
         } else if openssl_version >= 0x1_00_01_00_0 {
-            println!("cargo:rustc-cfg=ossl101");
             println!("cargo:version=101");
             Version::Openssl10x
         } else {
@@ -542,10 +531,12 @@ fn determine_mode(libdir: &Path, libs: &[&str]) -> &'static str {
         .map(|e| e.file_name())
         .filter_map(|e| e.into_string().ok())
         .collect::<HashSet<_>>();
-    let can_static = libs.iter()
+    let can_static = libs
+        .iter()
         .all(|l| files.contains(&format!("lib{}.a", l)) || files.contains(&format!("{}.lib", l)));
     let can_dylib = libs.iter().all(|l| {
-        files.contains(&format!("lib{}.so", l)) || files.contains(&format!("{}.dll", l))
+        files.contains(&format!("lib{}.so", l))
+            || files.contains(&format!("{}.dll", l))
             || files.contains(&format!("lib{}.dylib", l))
     });
     match (can_static, can_dylib) {
@@ -567,8 +558,6 @@ fn determine_mode(libdir: &Path, libs: &[&str]) -> &'static str {
     "dylib"
 }
 
-
-
 fn execute_command_and_get_output(cmd: &str, args: &[&str]) -> Option<String> {
     let out = Command::new(cmd).args(args).output();
     if let Ok(ref r1) = out {
@@ -576,9 +565,8 @@ fn execute_command_and_get_output(cmd: &str, args: &[&str]) -> Option<String> {
             let r2 = String::from_utf8(r1.stdout.clone());
             if let Ok(r3) = r2 {
                 return Some(r3.trim().to_string());
-            } 
+            }
         }
     }
     return None;
 }
-
diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs
index 61e087d0..e78c24f4 100644
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@@ -236,8 +236,10 @@ pub const EVP_PKEY_OP_VERIFYCTX: c_int = 1 << 7;
 pub const EVP_PKEY_OP_ENCRYPT: c_int = 1 << 8;
 pub const EVP_PKEY_OP_DECRYPT: c_int = 1 << 9;
 
-pub const EVP_PKEY_OP_TYPE_SIG: c_int = EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY
-    | EVP_PKEY_OP_VERIFYRECOVER | EVP_PKEY_OP_SIGNCTX
+pub const EVP_PKEY_OP_TYPE_SIG: c_int = EVP_PKEY_OP_SIGN
+    | EVP_PKEY_OP_VERIFY
+    | EVP_PKEY_OP_VERIFYRECOVER
+    | EVP_PKEY_OP_SIGNCTX
     | EVP_PKEY_OP_VERIFYCTX;
 
 pub const EVP_PKEY_OP_TYPE_CRYPT: c_int = EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT;
@@ -1259,21 +1261,23 @@ pub const SSL_VERIFY_NONE: c_int = 0;
 pub const SSL_VERIFY_PEER: c_int = 1;
 pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2;
 
-#[cfg(not(any(libressl261, libressl262, libressl26x, libressl27x, ossl101)))]
+#[cfg(not(any(libressl261, ossl101)))]
 pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x00000010;
-#[cfg(any(libressl261, libressl262, libressl26x, libressl27x))]
+#[cfg(libressl261)]
 pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x0;
 pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: c_ulong = 0x00000800;
-#[cfg(not(any(libressl261, libressl262, libressl26x, libressl27x)))]
+#[cfg(not(libressl261))]
 pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x80000000;
-#[cfg(any(libressl261, libressl262, libressl26x, libressl27x))]
+#[cfg(libressl261)]
 pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x0;
 pub const SSL_OP_LEGACY_SERVER_CONNECT: c_ulong = 0x00000004;
 #[cfg(not(any(libressl, ossl110f, ossl111)))]
 pub const SSL_OP_ALL: c_ulong = 0x80000BFF;
 #[cfg(any(ossl110f, ossl111))]
-pub const SSL_OP_ALL: c_ulong = SSL_OP_CRYPTOPRO_TLSEXT_BUG | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
-    | SSL_OP_LEGACY_SERVER_CONNECT | SSL_OP_TLSEXT_PADDING
+pub const SSL_OP_ALL: c_ulong = SSL_OP_CRYPTOPRO_TLSEXT_BUG
+    | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+    | SSL_OP_LEGACY_SERVER_CONNECT
+    | SSL_OP_TLSEXT_PADDING
     | SSL_OP_SAFARI_ECDHE_ECDSA_BUG;
 pub const SSL_OP_NO_QUERY_MTU: c_ulong = 0x00001000;
 pub const SSL_OP_COOKIE_EXCHANGE: c_ulong = 0x00002000;
@@ -1289,8 +1293,11 @@ pub const SSL_OP_NO_TLSv1_2: c_ulong = 0x08000000;
 pub const SSL_OP_NO_SSL_MASK: c_ulong =
     SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2;
 #[cfg(ossl111)]
-pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1
-    | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2
+pub const SSL_OP_NO_SSL_MASK: c_ulong = SSL_OP_NO_SSLv2
+    | SSL_OP_NO_SSLv3
+    | SSL_OP_NO_TLSv1
+    | SSL_OP_NO_TLSv1_1
+    | SSL_OP_NO_TLSv1_2
     | SSL_OP_NO_TLSv1_3;
 
 pub const SSL_FILETYPE_PEM: c_int = X509_FILETYPE_PEM;
diff --git a/openssl-sys/src/libressl/mod.rs b/openssl-sys/src/libressl/mod.rs
index 366d9502..5ae205bc 100644
--- a/openssl-sys/src/libressl/mod.rs
+++ b/openssl-sys/src/libressl/mod.rs
@@ -1,19 +1,18 @@
+use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void, size_t};
 use std::mem;
 use std::ptr;
 use std::sync::{Mutex, MutexGuard};
 use std::sync::{Once, ONCE_INIT};
 
-#[cfg(libressl250)]
+#[cfg(not(libressl251))]
 pub use libressl::v250::*;
-#[cfg(not(libressl250))]
-pub use libressl::v25x::*;
+#[cfg(libressl251)]
+pub use libressl::v251::*;
 
-use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void, size_t};
-
-#[cfg(libressl250)]
+#[cfg(not(libressl251))]
 mod v250;
-#[cfg(not(libressl250))]
-mod v25x;
+#[cfg(libressl251)]
+mod v251;
 
 #[repr(C)]
 pub struct stack_st_ASN1_OBJECT {
@@ -337,9 +336,9 @@ pub const SSL_CTRL_OPTIONS: c_int = 32;
 pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77;
 pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94;
 
-#[cfg(any(libressl261, libressl262, libressl26x, libressl27x))]
+#[cfg(libressl261)]
 pub const SSL_OP_ALL: c_ulong = 0x4;
-#[cfg(not(any(libressl261, libressl262, libressl26x, libressl27x)))]
+#[cfg(not(libressl261))]
 pub const SSL_OP_ALL: c_ulong = 0x80000014;
 pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x0;
 pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x0;
@@ -352,9 +351,9 @@ pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x0;
 pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x0;
 pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x0;
 pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x0;
-#[cfg(any(libressl261, libressl262, libressl26x, libressl27x))]
+#[cfg(libressl261)]
 pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x0;
-#[cfg(not(any(libressl261, libressl262, libressl26x, libressl27x)))]
+#[cfg(not(libressl261))]
 pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00080000;
 pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00100000;
 pub const SSL_OP_NO_SSLv2: c_ulong = 0x0;
@@ -540,6 +539,15 @@ extern "C" {
             unsafe extern "C" fn(*mut ::SSL, *mut c_uchar, c_int, *mut c_int) -> *mut SSL_SESSION,
         >,
     );
+    #[cfg(libressl261)]
+    pub fn SSL_CTX_set_min_proto_version(ctx: *mut ::SSL_CTX, version: u16) -> c_int;
+    #[cfg(libressl261)]
+    pub fn SSL_CTX_set_max_proto_version(ctx: *mut ::SSL_CTX, version: u16) -> c_int;
+    #[cfg(libressl270)]
+    pub fn SSL_CTX_get_min_proto_version(ctx: *mut ::SSL_CTX) -> c_int;
+    #[cfg(libressl270)]
+    pub fn SSL_CTX_get_max_proto_version(ctx: *mut ::SSL_CTX) -> c_int;
+
     pub fn X509_get_subject_name(x: *mut ::X509) -> *mut ::X509_NAME;
     pub fn X509_get_issuer_name(x: *mut ::X509) -> *mut ::X509_NAME;
     pub fn X509_set_notAfter(x: *mut ::X509, tm: *const ::ASN1_TIME) -> c_int;
diff --git a/openssl-sys/src/libressl/v25x.rs b/openssl-sys/src/libressl/v251.rs
similarity index 94%
rename from openssl-sys/src/libressl/v25x.rs
rename to openssl-sys/src/libressl/v251.rs
index 7e7023ec..541b61db 100644
--- a/openssl-sys/src/libressl/v25x.rs
+++ b/openssl-sys/src/libressl/v251.rs
@@ -1,4 +1,4 @@
-use libc::{c_int, c_char, c_void, c_long, c_uchar, size_t, c_uint, c_ulong, time_t};
+use libc::{c_char, c_int, c_long, c_uchar, c_uint, c_ulong, c_void, size_t, time_t};
 
 use super::*;
 
@@ -84,6 +84,6 @@ pub struct X509_VERIFY_PARAM {
     pub purpose: c_int,
     pub trust: c_int,
     pub depth: c_int,
-    policies: *mut stack_st_ASN1_OBJECT,
+    pub policies: *mut stack_st_ASN1_OBJECT,
     id: *mut c_void,
 }
diff --git a/openssl/build.rs b/openssl/build.rs
index 612322fe..271fb662 100644
--- a/openssl/build.rs
+++ b/openssl/build.rs
@@ -41,4 +41,16 @@ fn main() {
             println!("cargo:rustc-cfg=ossl110g");
         }
     }
+
+    if let Ok(version) = env::var("DEP_OPENSSL_LIBRESSL_VERSION_NUMBER") {
+        let version = u64::from_str_radix(&version, 16).unwrap();
+
+        if version >= 0x2_06_01_00_0 {
+            println!("cargo:rustc-cfg=libressl261");
+        }
+
+        if version >= 0x2_07_00_00_0 {
+            println!("cargo:rustc-cfg=libressl270");
+        }
+    }
 }
diff --git a/openssl/src/ec.rs b/openssl/src/ec.rs
index c4800c73..573d0c00 100644
--- a/openssl/src/ec.rs
+++ b/openssl/src/ec.rs
@@ -33,14 +33,14 @@
 //! ```
 use ffi;
 use foreign_types::{ForeignType, ForeignTypeRef};
-use std::ptr;
 use libc::c_int;
+use std::ptr;
 
-use {cvt, cvt_n, cvt_p, init};
 use bn::{BigNumContextRef, BigNumRef};
 use error::ErrorStack;
 use nid::Nid;
 use pkey::{HasParams, HasPrivate, HasPublic, Params, Private, Public};
+use {cvt, cvt_n, cvt_p, init};
 
 /// Compressed or Uncompressed conversion
 ///
@@ -803,10 +803,10 @@ impl<T> Clone for EcKey<T> {
 
 #[cfg(test)]
 mod test {
-    use bn::{BigNum, BigNumContext};
-    use nid::Nid;
-    use data_encoding::BASE64URL_NOPAD;
     use super::*;
+    use bn::{BigNum, BigNumContext};
+    use data_encoding::BASE64URL_NOPAD;
+    use nid::Nid;
 
     #[test]
     fn key_new_by_curve_name() {
@@ -823,7 +823,7 @@ mod test {
     fn dup() {
         let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap();
         let key = EcKey::generate(&group).unwrap();
-        key.clone();
+        drop(key.clone());
     }
 
     #[test]
@@ -862,7 +862,8 @@ mod test {
         let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap();
         let key = EcKey::generate(&group).unwrap();
         let mut ctx = BigNumContext::new().unwrap();
-        let bytes = key.public_key()
+        let bytes = key
+            .public_key()
             .to_bytes(&group, PointConversionForm::COMPRESSED, &mut ctx)
             .unwrap();
 
@@ -877,7 +878,8 @@ mod test {
         let group = EcGroup::from_curve_name(Nid::X9_62_PRIME256V1).unwrap();
         let key = EcKey::generate(&group).unwrap();
 
-        let dup_key = EcKey::from_private_components(&group, key.private_key(), key.public_key()).unwrap();
+        let dup_key =
+            EcKey::from_private_components(&group, key.private_key(), key.public_key()).unwrap();
         let res = dup_key.check_key().unwrap();
 
         assert!(res == ());
diff --git a/openssl/src/rsa.rs b/openssl/src/rsa.rs
index 0ad55b96..718ae59d 100644
--- a/openssl/src/rsa.rs
+++ b/openssl/src/rsa.rs
@@ -751,7 +751,8 @@ mod test {
     #[test]
     fn test_to_password() {
         let key = Rsa::generate(2048).unwrap();
-        let pem = key.private_key_to_pem_passphrase(Cipher::aes_128_cbc(), b"foobar")
+        let pem = key
+            .private_key_to_pem_passphrase(Cipher::aes_128_cbc(), b"foobar")
             .unwrap();
         Rsa::private_key_from_pem_passphrase(&pem, b"foobar").unwrap();
         assert!(Rsa::private_key_from_pem_passphrase(&pem, b"fizzbuzz").is_err());
@@ -791,7 +792,8 @@ mod test {
         k0.private_encrypt(&msg, &mut emesg, Padding::PKCS1)
             .unwrap();
         let mut dmesg = vec![0; k1.size() as usize];
-        let len = k1.public_decrypt(&emesg, &mut dmesg, Padding::PKCS1)
+        let len = k1
+            .public_decrypt(&emesg, &mut dmesg, Padding::PKCS1)
             .unwrap();
         assert_eq!(msg, &dmesg[..len]);
     }
@@ -807,7 +809,8 @@ mod test {
         let mut emesg = vec![0; k0.size() as usize];
         k0.public_encrypt(&msg, &mut emesg, Padding::PKCS1).unwrap();
         let mut dmesg = vec![0; k1.size() as usize];
-        let len = k1.private_decrypt(&emesg, &mut dmesg, Padding::PKCS1)
+        let len = k1
+            .private_decrypt(&emesg, &mut dmesg, Padding::PKCS1)
             .unwrap();
         assert_eq!(msg, &dmesg[..len]);
     }
@@ -883,6 +886,6 @@ mod test {
     #[test]
     fn clone() {
         let key = Rsa::generate(2048).unwrap();
-        key.clone();
+        drop(key.clone());
     }
 }
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index 8dc605ed..adec060c 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -1023,15 +1023,15 @@ impl SslContextBuilder {
     ///
     /// This corresponds to [`SSL_CTX_set_min_proto_version`].
     ///
-    /// Requires OpenSSL 1.1.0 or newer.
+    /// Requires OpenSSL 1.1.0 or LibreSSL 2.6.1 or newer.
     ///
     /// [`SSL_CTX_set_min_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html
-    #[cfg(any(ossl110))]
+    #[cfg(any(ossl110, libressl261))]
     pub fn set_min_proto_version(&mut self, version: Option<SslVersion>) -> Result<(), ErrorStack> {
         unsafe {
             cvt(ffi::SSL_CTX_set_min_proto_version(
                 self.as_ptr(),
-                version.map_or(0, |v| v.0),
+                version.map_or(0, |v| v.0 as _),
             )).map(|_| ())
         }
     }
@@ -1043,15 +1043,15 @@ impl SslContextBuilder {
     ///
     /// This corresponds to [`SSL_CTX_set_max_proto_version`].
     ///
-    /// Requires OpenSSL 1.1.0 or newer.
+    /// Requires OpenSSL 1.1.0 or or LibreSSL 2.6.1 or newer.
     ///
     /// [`SSL_CTX_set_max_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html
-    #[cfg(any(ossl110))]
+    #[cfg(any(ossl110, libressl261))]
     pub fn set_max_proto_version(&mut self, version: Option<SslVersion>) -> Result<(), ErrorStack> {
         unsafe {
             cvt(ffi::SSL_CTX_set_max_proto_version(
                 self.as_ptr(),
-                version.map_or(0, |v| v.0),
+                version.map_or(0, |v| v.0 as _),
             )).map(|_| ())
         }
     }
@@ -1063,10 +1063,10 @@ impl SslContextBuilder {
     ///
     /// This corresponds to [`SSL_CTX_get_min_proto_version`].
     ///
-    /// Requires OpenSSL 1.1.0g or newer.
+    /// Requires OpenSSL 1.1.0g or LibreSSL 2.7.0 or newer.
     ///
     /// [`SSL_CTX_get_min_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html
-    #[cfg(any(ossl110g))]
+    #[cfg(any(ossl110g, libressl270))]
     pub fn min_proto_version(&mut self) -> Option<SslVersion> {
         unsafe {
             let r = ffi::SSL_CTX_get_min_proto_version(self.as_ptr());
@@ -1085,10 +1085,10 @@ impl SslContextBuilder {
     ///
     /// This corresponds to [`SSL_CTX_get_max_proto_version`].
     ///
-    /// Requires OpenSSL 1.1.0g or newer.
+    /// Requires OpenSSL 1.1.0g or LibreSSL 2.7.0 or newer.
     ///
     /// [`SSL_CTX_get_max_proto_version`]: https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_min_proto_version.html
-    #[cfg(any(ossl110g))]
+    #[cfg(any(ossl110g, libressl270))]
     pub fn max_proto_version(&mut self) -> Option<SslVersion> {
         unsafe {
             let r = ffi::SSL_CTX_get_max_proto_version(self.as_ptr());
@@ -2837,7 +2837,8 @@ impl<S: Read + Write> Read for SslStream<S> {
                 }
                 Err(ref e) if e.code() == ErrorCode::WANT_READ && e.io_error().is_none() => {}
                 Err(e) => {
-                    return Err(e.into_io_error()
+                    return Err(e
+                        .into_io_error()
                         .unwrap_or_else(|e| io::Error::new(io::ErrorKind::Other, e)))
                 }
             }
@@ -2852,7 +2853,8 @@ impl<S: Read + Write> Write for SslStream<S> {
                 Ok(n) => return Ok(n),
                 Err(ref e) if e.code() == ErrorCode::WANT_READ && e.io_error().is_none() => {}
                 Err(e) => {
-                    return Err(e.into_io_error()
+                    return Err(e
+                        .into_io_error()
                         .unwrap_or_else(|e| io::Error::new(io::ErrorKind::Other, e)))
                 }
             }
diff --git a/openssl/src/ssl/test.rs b/openssl/src/ssl/test.rs
index 2e906728..b90199f0 100644
--- a/openssl/src/ssl/test.rs
+++ b/openssl/src/ssl/test.rs
@@ -19,7 +19,7 @@ use hash::MessageDigest;
 use ocsp::{OcspResponse, OcspResponseStatus};
 use pkey::PKey;
 use ssl;
-#[cfg(any(ossl110, ossl111))]
+#[cfg(any(ossl110, ossl111, libressl261))]
 use ssl::SslVersion;
 use ssl::{
     Error, HandshakeError, MidHandshakeSslStream, ShutdownResult, Ssl, SslAcceptor, SslConnector,
@@ -1315,7 +1315,7 @@ fn keying_export() {
 }
 
 #[test]
-#[cfg(any(ossl110))]
+#[cfg(any(ossl110, libressl261))]
 fn no_version_overlap() {
     let listener = TcpListener::bind("127.0.0.1:0").unwrap();
     let addr = listener.local_addr().unwrap();
@@ -1330,7 +1330,7 @@ fn no_version_overlap() {
         ctx.set_max_proto_version(Some(SslVersion::TLS1_1)).unwrap();
         #[cfg(ossl110g)]
         assert_eq!(ctx.min_proto_version(), None);
-        #[cfg(ossl110g)]
+        #[cfg(any(ossl110g, libressl270))]
         assert_eq!(ctx.max_proto_version(), Some(SslVersion::TLS1_1));
         let ssl = Ssl::new(&ctx.build()).unwrap();
         ssl.accept(stream).unwrap_err();
@@ -1339,7 +1339,7 @@ fn no_version_overlap() {
     let stream = TcpStream::connect(addr).unwrap();
     let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
     ctx.set_min_proto_version(Some(SslVersion::TLS1_2)).unwrap();
-    #[cfg(ossl110g)]
+    #[cfg(any(ossl110g, libressl270))]
     assert_eq!(ctx.min_proto_version(), Some(SslVersion::TLS1_2));
     #[cfg(ossl110g)]
     assert_eq!(ctx.max_proto_version(), None);
diff --git a/openssl/src/x509/tests.rs b/openssl/src/x509/tests.rs
index 7ef4d160..a3c66e0c 100644
--- a/openssl/src/x509/tests.rs
+++ b/openssl/src/x509/tests.rs
@@ -7,10 +7,12 @@ use nid::Nid;
 use pkey::{PKey, Private};
 use rsa::Rsa;
 use stack::Stack;
-use x509::{X509, X509Name, X509Req, X509StoreContext, X509VerifyResult};
-use x509::extension::{AuthorityKeyIdentifier, BasicConstraints, ExtendedKeyUsage, KeyUsage,
-                      SubjectAlternativeName, SubjectKeyIdentifier};
+use x509::extension::{
+    AuthorityKeyIdentifier, BasicConstraints, ExtendedKeyUsage, KeyUsage, SubjectAlternativeName,
+    SubjectKeyIdentifier,
+};
 use x509::store::X509StoreBuilder;
+use x509::{X509, X509Name, X509Req, X509StoreContext, X509VerifyResult};
 
 fn pkey() -> PKey<Private> {
     let rsa = Rsa::generate(2048).unwrap();
@@ -197,7 +199,8 @@ fn x509_builder() {
 
     assert!(pkey.public_eq(&x509.public_key().unwrap()));
 
-    let cn = x509.subject_name()
+    let cn = x509
+        .subject_name()
         .entries_by_nid(Nid::COMMONNAME)
         .next()
         .unwrap();
@@ -291,7 +294,7 @@ fn signature() {
 fn clone_x509() {
     let cert = include_bytes!("../../test/cert.pem");
     let cert = X509::from_pem(cert).unwrap();
-    cert.clone();
+    drop(cert.clone());
 }
 
 #[test]
diff --git a/systest/build.rs b/systest/build.rs
index 98e9ffb3..84c0a1ae 100644
--- a/systest/build.rs
+++ b/systest/build.rs
@@ -2,10 +2,12 @@ extern crate ctest;
 
 use std::env;
 
+#[path = "../openssl-sys/build/cfgs.rs"]
+mod cfgs;
+
 fn main() {
     let mut cfg = ctest::TestGenerator::new();
     let target = env::var("TARGET").unwrap();
-    let mut is_libressl = false;
 
     if let Ok(out) = env::var("DEP_OPENSSL_INCLUDE") {
         cfg.include(&out);
@@ -26,21 +28,17 @@ fn main() {
         cfg.define("WIN32_LEAN_AND_MEAN", None);
     }
 
-    if let Ok(_) = env::var("DEP_OPENSSL_LIBRESSL") {
-        cfg.cfg("libressl", None);
-        is_libressl = true;
-    } else if let Ok(version) = env::var("DEP_OPENSSL_VERSION") {
-        cfg.cfg(&format!("ossl{}", version), None);
-        if version == "111" {
-            cfg.cfg("ossl110", None);
-        }
-    }
-    if let (Ok(version), Ok(patch)) = (
-        env::var("DEP_OPENSSL_VERSION"),
-        env::var("DEP_OPENSSL_PATCH"),
-    ) {
-        cfg.cfg(&format!("ossl{}{}", version, patch), None);
+    let openssl_version = env::var("DEP_OPENSSL_VERSION_NUMBER")
+        .ok()
+        .map(|v| u64::from_str_radix(&v, 16).unwrap());
+    let libressl_version = env::var("DEP_OPENSSL_LIBRESSL_VERSION_NUMBER")
+        .ok()
+        .map(|v| u64::from_str_radix(&v, 16).unwrap());
+
+    for c in cfgs::get(openssl_version, libressl_version) {
+        cfg.cfg(c, None);
     }
+
     if let Ok(vars) = env::var("DEP_OPENSSL_CONF") {
         for var in vars.split(",") {
             cfg.cfg("osslconf", Some(var));
@@ -65,7 +63,7 @@ fn main() {
         .header("openssl/ocsp.h")
         .header("openssl/evp.h");
 
-    if !is_libressl {
+    if openssl_version.is_some() {
         cfg.header("openssl/cms.h");
     }
 
@@ -79,7 +77,8 @@ fn main() {
         } else if s == "_STACK" {
             format!("struct stack_st")
         // This logic should really be cleaned up
-        } else if is_struct && s != "point_conversion_form_t"
+        } else if is_struct
+            && s != "point_conversion_form_t"
             && s.chars().next().unwrap().is_lowercase()
         {
             format!("struct {}", s)
@@ -111,9 +110,13 @@ fn main() {
             (s == "GENERAL_NAME" && field == "d") // union
     });
     cfg.skip_signededness(|s| {
-        s.ends_with("_cb") || s.ends_with("_CB") || s.ends_with("_cb_fn")
-            || s.starts_with("CRYPTO_") || s == "PasswordCallback"
-            || s.ends_with("_cb_func") || s.ends_with("_cb_ex")
+        s.ends_with("_cb")
+            || s.ends_with("_CB")
+            || s.ends_with("_cb_fn")
+            || s.starts_with("CRYPTO_")
+            || s == "PasswordCallback"
+            || s.ends_with("_cb_func")
+            || s.ends_with("_cb_ex")
     });
     cfg.field_name(|_s, field| {
         if field == "type_" {