diff --git a/.circleci/config.yml b/.circleci/config.yml
index 59f899f2..2c2fb0d5 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -78,9 +78,9 @@ openssl_101: &OPENSSL_101
 libressl_250: &LIBRESSL_250
   LIBRARY: libressl
   VERSION: 2.5.0
-libressl_260: &LIBRESSL_260
+libressl_261: &LIBRESSL_261
   LIBRARY: libressl
-  VERSION: 2.6.0
+  VERSION: 2.6.1
 
 x86_64: &X86_64
   TARGET: x86_64-unknown-linux-gnu
@@ -139,10 +139,10 @@ jobs:
     <<: *JOB
     environment:
       <<: [*LIBRESSL_250, *X86_64, *BASE]
-  x86_64-libressl-2.6.0:
+  x86_64-libressl-2.6.1:
     <<: *JOB
     environment:
-      <<: [*LIBRESSL_260, *X86_64, *BASE]
+      <<: [*LIBRESSL_261, *X86_64, *BASE]
 workflows:
   version: 2
   tests:
@@ -157,4 +157,4 @@ workflows:
     - armhf-openssl-1.0.2
     - armhf-openssl-1.0.1
     - x86_64-libressl-2.5.0
-    - x86_64-libressl-2.6.0
+    - x86_64-libressl-2.6.1
diff --git a/openssl-sys/build.rs b/openssl-sys/build.rs
index eb6979b0..4e0dbe80 100644
--- a/openssl-sys/build.rs
+++ b/openssl-sys/build.rs
@@ -316,8 +316,10 @@ fn validate_headers(include_dirs: &[PathBuf]) -> Version {
 #include <openssl/opensslv.h>
 #include <openssl/opensslconf.h>
 
-#if LIBRESSL_VERSION_NUMBER >= 0x20601000
+#if LIBRESSL_VERSION_NUMBER >= 0x20602000
 RUST_LIBRESSL_NEW
+#elif LIBRESSL_VERSION_NUMBER >= 0x20601000
+RUST_LIBRESSL_261
 #elif LIBRESSL_VERSION_NUMBER >= 0x20600000
 RUST_LIBRESSL_260
 #elif LIBRESSL_VERSION_NUMBER >= 0x20506000
@@ -412,42 +414,56 @@ See rust-openssl README for more information:
         println!("cargo:rustc-cfg=libressl");
         println!("cargo:rustc-cfg=libressl250");
         println!("cargo:libressl=true");
+        println!("cargo:libressl_version=250");
         println!("cargo:version=101");
         Version::Libressl
     } else if expanded.contains("RUST_LIBRESSL_251") {
         println!("cargo:rustc-cfg=libressl");
         println!("cargo:rustc-cfg=libressl251");
         println!("cargo:libressl=true");
+        println!("cargo:libressl_version=251");
         println!("cargo:version=101");
         Version::Libressl
     } else if expanded.contains("RUST_LIBRESSL_252") {
         println!("cargo:rustc-cfg=libressl");
         println!("cargo:rustc-cfg=libressl252");
         println!("cargo:libressl=true");
+        println!("cargo:libressl_version=252");
         println!("cargo:version=101");
         Version::Libressl
     } else if expanded.contains("RUST_LIBRESSL_253") {
         println!("cargo:rustc-cfg=libressl");
         println!("cargo:rustc-cfg=libressl253");
         println!("cargo:libressl=true");
+        println!("cargo:libressl_version=253");
         println!("cargo:version=101");
         Version::Libressl
     } else if expanded.contains("RUST_LIBRESSL_254") {
         println!("cargo:rustc-cfg=libressl");
         println!("cargo:rustc-cfg=libressl254");
         println!("cargo:libressl=true");
+        println!("cargo:libressl_version=254");
         println!("cargo:version=101");
         Version::Libressl
     } else if expanded.contains("RUST_LIBRESSL_255") {
         println!("cargo:rustc-cfg=libressl");
         println!("cargo:rustc-cfg=libressl255");
         println!("cargo:libressl=true");
+        println!("cargo:libressl_version=255");
         println!("cargo:version=101");
         Version::Libressl
     } else if expanded.contains("RUST_LIBRESSL_260") {
         println!("cargo:rustc-cfg=libressl");
         println!("cargo:rustc-cfg=libressl260");
         println!("cargo:libressl=true");
+        println!("cargo:libressl_version=250");
+        println!("cargo:version=101");
+        Version::Libressl
+    } else if expanded.contains("RUST_LIBRESSL_261") {
+        println!("cargo:rustc-cfg=libressl");
+        println!("cargo:rustc-cfg=libressl261");
+        println!("cargo:libressl=true");
+        println!("cargo:libressl_version=261");
         println!("cargo:version=101");
         Version::Libressl
     } else if expanded.contains("RUST_OPENSSL_110F") {
diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs
index 48d07b4a..81145432 100644
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@@ -1250,10 +1250,15 @@ pub const SSL_VERIFY_NONE: c_int = 0;
 pub const SSL_VERIFY_PEER: c_int = 1;
 pub const SSL_VERIFY_FAIL_IF_NO_PEER_CERT: c_int = 2;
 
-#[cfg(not(ossl101))]
+#[cfg(not(any(libressl261, ossl101)))]
 pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x00000010;
+#[cfg(libressl261)]
+pub const SSL_OP_TLSEXT_PADDING: c_ulong = 0x0;
 pub const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: c_ulong = 0x00000800;
+#[cfg(not(libressl261))]
 pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x80000000;
+#[cfg(libressl261)]
+pub const SSL_OP_CRYPTOPRO_TLSEXT_BUG: c_ulong = 0x0;
 pub const SSL_OP_LEGACY_SERVER_CONNECT: c_ulong = 0x00000004;
 #[cfg(not(libressl))]
 pub const SSL_OP_SAFARI_ECDHE_ECDSA_BUG: c_ulong = 0x00000040;
diff --git a/openssl-sys/src/libressl/mod.rs b/openssl-sys/src/libressl/mod.rs
index f69198e2..f4806e8a 100644
--- a/openssl-sys/src/libressl/mod.rs
+++ b/openssl-sys/src/libressl/mod.rs
@@ -345,6 +345,9 @@ pub const SSL_CTRL_OPTIONS: c_int = 32;
 pub const SSL_CTRL_CLEAR_OPTIONS: c_int = 77;
 pub const SSL_CTRL_SET_ECDH_AUTO: c_int = 94;
 
+#[cfg(libressl261)]
+pub const SSL_OP_ALL: c_ulong = 0x4;
+#[cfg(not(libressl261))]
 pub const SSL_OP_ALL: c_ulong = 0x80000014;
 pub const SSL_OP_CISCO_ANYCONNECT: c_ulong = 0x0;
 pub const SSL_OP_NO_COMPRESSION: c_ulong = 0x0;
@@ -357,6 +360,9 @@ pub const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: c_ulong = 0x0;
 pub const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: c_ulong = 0x0;
 pub const SSL_OP_TLS_D5_BUG: c_ulong = 0x0;
 pub const SSL_OP_TLS_BLOCK_PADDING_BUG: c_ulong = 0x0;
+#[cfg(libressl261)]
+pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x0;
+#[cfg(not(libressl261))]
 pub const SSL_OP_SINGLE_ECDH_USE: c_ulong = 0x00080000;
 pub const SSL_OP_SINGLE_DH_USE: c_ulong = 0x00100000;
 pub const SSL_OP_NO_SSLv2: c_ulong = 0x0;
diff --git a/openssl/build.rs b/openssl/build.rs
index 954e9b0c..eb8894fd 100644
--- a/openssl/build.rs
+++ b/openssl/build.rs
@@ -20,6 +20,10 @@ fn main() {
         println!("cargo:rustc-cfg=libressl");
     }
 
+    if let Ok(v) = env::var("DEP_OPENSSL_LIBRESSL_VERSION") {
+        println!("cargo:rustc-cfg=libressl{}", v);
+    }
+
     if let Ok(vars) = env::var("DEP_OPENSSL_CONF") {
         for var in vars.split(",") {
             println!("cargo:rustc-cfg=osslconf=\"{}\"", var);
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index dc0f5448..762118a5 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -652,6 +652,7 @@ impl SslContextBuilder {
 
     /// Set the protocols to be used during Next Protocol Negotiation (the protocols
     /// supported by the application).
+    #[cfg(not(libressl261))]
     pub fn set_npn_protocols(&mut self, protocols: &[&[u8]]) -> Result<(), ErrorStack> {
         // Firstly, convert the list of protocols to a byte-array that can be passed to OpenSSL
         // APIs -- a list of length-prefixed strings.
@@ -1310,6 +1311,7 @@ impl SslRef {
     ///
     /// The protocol's name is returned is an opaque sequence of bytes. It is up to the client
     /// to interpret it.
+    #[cfg(not(libressl261))]
     pub fn selected_npn_protocol(&self) -> Option<&[u8]> {
         unsafe {
             let mut data: *const c_uchar = ptr::null();
diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs
index cfad9cca..a3ac6832 100644
--- a/openssl/src/ssl/tests/mod.rs
+++ b/openssl/src/ssl/tests/mod.rs
@@ -503,6 +503,7 @@ fn test_connect_with_unilateral_alpn() {
 /// Tests that connecting with the client using NPN, but the server not does not
 /// break the existing connection behavior.
 #[test]
+#[cfg(not(libressl261))]
 fn test_connect_with_unilateral_npn() {
     let (_s, stream) = Server::new();
     let mut ctx = SslContext::builder(SslMethod::tls()).unwrap();
@@ -615,6 +616,7 @@ fn test_connect_with_npn_successful_single_match() {
 /// Tests that when the `SslStream` is created as a server stream, the protocols
 /// are correctly advertised to the client.
 #[test]
+#[cfg(not(libressl261))]
 fn test_npn_server_advertise_multiple() {
     let listener = TcpListener::bind("127.0.0.1:0").unwrap();
     let localhost = listener.local_addr().unwrap();
@@ -1239,7 +1241,7 @@ fn tmp_dh_callback() {
 }
 
 #[test]
-#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
+#[cfg(any(all(feature = "v101", ossl101, not(libressl261)), all(feature = "v102", ossl102)))]
 fn tmp_ecdh_callback() {
     use ec::EcKey;
     use nid;
@@ -1306,7 +1308,7 @@ fn tmp_dh_callback_ssl() {
 }
 
 #[test]
-#[cfg(any(all(feature = "v101", ossl101), all(feature = "v102", ossl102)))]
+#[cfg(any(all(feature = "v101", ossl101, not(libressl261)), all(feature = "v102", ossl102)))]
 fn tmp_ecdh_callback_ssl() {
     use ec::EcKey;
     use nid;
diff --git a/systest/build.rs b/systest/build.rs
index 700d8565..45e335c0 100644
--- a/systest/build.rs
+++ b/systest/build.rs
@@ -41,6 +41,12 @@ fn main() {
         }
     }
 
+    let has_cms_h = if let Ok(version) = env::var("DEP_OPENSSL_LIBRESSL_VERSION") {
+        version != "261"
+    } else {
+        true
+    };
+
     cfg.header("openssl/comp.h")
         .header("openssl/dh.h")
         .header("openssl/ossl_typ.h")
@@ -56,8 +62,12 @@ fn main() {
         .header("openssl/pkcs12.h")
         .header("openssl/bn.h")
         .header("openssl/aes.h")
-        .header("openssl/ocsp.h")
-        .header("openssl/cms.h");
+        .header("openssl/ocsp.h");
+
+    if has_cms_h {
+        cfg.header("openssl/cms.h");
+    }
+
     cfg.type_name(|s, is_struct| {
         // Add some `*` on some callback parameters to get function pointer to
         // typecheck in C, especially on MSVC.