diff --git a/openwsman-2.6.2-openssl-1.1-fix.patch b/openwsman-2.6.2-openssl-1.1-fix.patch
new file mode 100644
index 0000000..59c1dc2
--- /dev/null
+++ b/openwsman-2.6.2-openssl-1.1-fix.patch
@@ -0,0 +1,217 @@
+diff -up openwsman-2.6.2/src/lib/wsman-curl-client-transport.c.orig openwsman-2.6.2/src/lib/wsman-curl-client-transport.c
+--- openwsman-2.6.2/src/lib/wsman-curl-client-transport.c.orig	2015-10-19 15:27:46.000000000 +0200
++++ openwsman-2.6.2/src/lib/wsman-curl-client-transport.c	2017-01-02 15:18:43.444990500 +0100
+@@ -239,12 +239,16 @@ write_handler( void *ptr, size_t size, s
+ static int ssl_certificate_thumbprint_verify_callback(X509_STORE_CTX *ctx, void *arg)
+ {
+ 	unsigned char *thumbprint = (unsigned char *)arg;
+-	X509 *cert = ctx->cert;
+ 	EVP_MD                                  *tempDigest;
+ 
+ 	unsigned char   tempFingerprint[EVP_MAX_MD_SIZE];
+ 	unsigned int      tempFingerprintLen;
+ 	tempDigest = (EVP_MD*)EVP_sha1( );
++
++	X509 *cert = X509_STORE_CTX_get_current_cert(ctx);
++	if(!cert)
++		return 0;
++
+ 	if ( X509_digest(cert, tempDigest, tempFingerprint, &tempFingerprintLen ) <= 0)
+ 		return 0;
+ 	if(!memcmp(tempFingerprint, thumbprint, tempFingerprintLen))
+diff -up openwsman-2.6.2/src/server/shttpd/config.c.orig openwsman-2.6.2/src/server/shttpd/config.c
+--- openwsman-2.6.2/src/server/shttpd/config.c.orig	2015-10-19 15:27:46.000000000 +0200
++++ openwsman-2.6.2/src/server/shttpd/config.c	2017-01-03 14:21:57.925415734 +0100
+@@ -85,32 +85,24 @@ static void
+ set_ssl(struct shttpd_ctx *ctx, void *arg, const char *pem)
+ {
+ 	SSL_CTX		*CTX;
++	SSL_CONF_CTX	*CCTX;
+ 	void		*lib;
+ 	struct ssl_func	*fp;
+         char *ssl_disabled_protocols = wsmand_options_get_ssl_disabled_protocols();
++	int		ret;
+ 
+ 	arg = NULL;	/* Unused */
+ 
+-	/* Load SSL library dynamically */
+-	if ((lib = dlopen(SSL_LIB, RTLD_LAZY)) == NULL) {
+-		elog(E_FATAL, NULL, "set_ssl: cannot load %s", SSL_LIB);
+-                ctx->ssl_ctx = NULL;
+-                return;
+-        }
+-
+-	for (fp = ssl_sw; fp->name != NULL; fp++) {
+-		if ((fp->ptr.v_void = dlsym(lib, fp->name)) == NULL) {
+-                        elog(E_FATAL, NULL,"set_ssl: cannot find %s", fp->name);
+-                  ctx->ssl_ctx = NULL;
+-                  return;
+-                }
+-        }
+-
+ 	/* Initialize SSL crap */
+ 	static int ssl_library_initialized = 0;
+ 	if(!ssl_library_initialized) {
+ 		debug("Initialize SSL");
++		SSL_load_error_strings();
++		#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		SSL_library_init();
++		#else
++		OPENSSL_init_ssl(0, NULL);
++		#endif
+ 		ssl_library_initialized = 1;
+ 	}
+ 	if ((CTX = SSL_CTX_new(SSLv23_server_method())) == NULL) {
+@@ -126,17 +118,26 @@ set_ssl(struct shttpd_ctx *ctx, void *ar
+                 SSL_CTX_free(CTX);
+                 CTX = NULL;
+         }
++	if ((CCTX = SSL_CONF_CTX_new()) == NULL) {
++		elog(E_FATAL, NULL, "SSL_CONF_CTX_new error");
++		debug("SSL_CONF_CTX_new error");
++	}
++	else {
++		SSL_CONF_CTX_set_ssl_ctx(CCTX, CTX);
++	}
++
++/*
+ 	while (ssl_disabled_protocols) {
+           struct ctx_opts_t {
+             char *name;
+-            long opt;
++            char *opt;
+           } protocols[] = {
+-            { "SSLv2", SSL_OP_NO_SSLv2 },
+-            { "SSLv3", SSL_OP_NO_SSLv3 },
+-            { "TLSv1", SSL_OP_NO_TLSv1 },
++            { "SSLv2", "SSLv2" },
++            { "SSLv3", "SSLv3" },
++            { "TLSv1", "TLSv1" },
+ # if OPENSSL_VERSION_NUMBER >= 0x10001000L
+-            { "TLSv1_1", SSL_OP_NO_TLSv1_1 },
+-            { "TLSv1_2", SSL_OP_NO_TLSv1_2 },
++            { "TLSv1_1", "TLSv1.1" },
++            { "TLSv1_2", "TLSv1.2" },
+ # endif
+             { NULL, 0 }
+           };
+@@ -150,7 +151,17 @@ set_ssl(struct shttpd_ctx *ctx, void *ar
+           for (idx = 0; protocols[idx].name ; ++idx) {
+             if (strncasecmp(protocols[idx].name, ssl_disabled_protocols, blank_ptr-ssl_disabled_protocols) == 0) {
+               debug("SSL: disable %s protocol", protocols[idx].name);
+-              SSL_CTX_ctrl(CTX, SSL_CTRL_OPTIONS, protocols[idx].opt, NULL);                      
++              debug("SSL: set '%s' as minimum protocol version - opt value", protocols[idx].opt);
++              ret = SSL_CONF_cmd(CTX, "MinProtocol", protocols[idx].opt);
++              if (ret > 2) {
++                debug("SSL: SSL_CONF_cmd OK");
++              }
++              if (ret == -2) {
++                debug("SSL: SSL_CONF_cmd ret == -2");
++              }
++              if (ret != -2) {
++                debug("Error processing SSL_CONF_cmd()");
++              }
+               break;
+             }
+           }
+@@ -158,6 +169,10 @@ set_ssl(struct shttpd_ctx *ctx, void *ar
+             break;
+           ssl_disabled_protocols = blank_ptr + 1;          
+         }
++*/
++	if (!SSL_CONF_CTX_finish(CCTX)) {
++		elog(E_FATAL, NULL, "SSL_CONF_CTX_finish error");
++	}
+ 
+ 	ctx->ssl_ctx = CTX;
+ }
+diff -up openwsman-2.6.2/src/server/shttpd/io_ssl.c.orig openwsman-2.6.2/src/server/shttpd/io_ssl.c
+--- openwsman-2.6.2/src/server/shttpd/io_ssl.c.orig	2015-10-19 15:27:46.000000000 +0200
++++ openwsman-2.6.2/src/server/shttpd/io_ssl.c	2017-01-03 13:43:13.926524433 +0100
+@@ -11,26 +11,6 @@
+ #include "shttpd_defs.h"
+ 
+ #if !defined(NO_SSL)
+-struct ssl_func	ssl_sw[] = {
+-	{"SSL_free",			{0}},
+-	{"SSL_accept",			{0}},
+-	{"SSL_connect",			{0}},
+-	{"SSL_read",			{0}},
+-	{"SSL_write",			{0}},
+-	{"SSL_get_error",		{0}},
+-	{"SSL_set_fd",			{0}},
+-	{"SSL_new",			{0}},
+-	{"SSL_CTX_new",			{0}},
+-	{"SSLv23_server_method",	{0}},
+-	{"SSL_library_init",		{0}},
+-	{"SSL_CTX_use_PrivateKey_file",	{0}},
+-	{"SSL_CTX_use_certificate_file",{0}},
+-	{"SSL_CTX_free", {0}},
+-	{"SSL_pending", {0}},
+-	{"SSL_CTX_use_certificate_chain_file",{0}},
+-	{"SSL_CTX_ctrl", {0}},
+-	{NULL,				{0}}
+-};
+ 
+ void
+ ssl_handshake(struct stream *stream)
+diff -up openwsman-2.6.2/src/server/shttpd/ssl.h.orig openwsman-2.6.2/src/server/shttpd/ssl.h
+--- openwsman-2.6.2/src/server/shttpd/ssl.h.orig	2015-10-19 15:27:46.000000000 +0200
++++ openwsman-2.6.2/src/server/shttpd/ssl.h	2017-01-02 15:18:43.445990500 +0100
+@@ -12,56 +12,4 @@
+ 
+ # include <openssl/ssl.h>
+ 
+-#else
+-
+-/*
+- * Snatched from OpenSSL includes. I put the prototypes here to be independent
+- * from the OpenSSL source installation. Having this, shttpd + SSL can be
+- * built on any system with binary SSL libraries installed.
+- */
+-
+-typedef struct ssl_st SSL;
+-typedef struct ssl_method_st SSL_METHOD;
+-typedef struct ssl_ctx_st SSL_CTX;
+-
+-#define	SSL_ERROR_WANT_READ	2
+-#define	SSL_ERROR_WANT_WRITE	3
+-#define SSL_ERROR_SYSCALL               5
+-#define SSL_FILETYPE_PEM	1
+-
+ #endif
+-
+-/*
+- * Dynamically loaded SSL functionality
+- */
+-struct ssl_func {
+-	const char	*name;		/* SSL function name	*/
+-	union variant	ptr;		/* Function pointer	*/
+-};
+-
+-extern struct ssl_func	ssl_sw[];
+-
+-#define	FUNC(x)	ssl_sw[x].ptr.v_func
+-
+-#define	SSL_free(x)	(* (void (*)(SSL *)) FUNC(0))(x)
+-#define	SSL_accept(x)	(* (int (*)(SSL *)) FUNC(1))(x)
+-#define	SSL_connect(x)	(* (int (*)(SSL *)) FUNC(2))(x)
+-#define	SSL_read(x,y,z)	(* (int (*)(SSL *, void *, int)) FUNC(3))((x),(y),(z))
+-#define	SSL_write(x,y,z) \
+-	(* (int (*)(SSL *, const void *,int)) FUNC(4))((x), (y), (z))
+-#define	SSL_get_error(x,y)(* (int (*)(SSL *, int)) FUNC(5))((x), (y))
+-#define	SSL_set_fd(x,y)	(* (int (*)(SSL *, int)) FUNC(6))((x), (y))
+-#define	SSL_new(x)	(* (SSL * (*)(SSL_CTX *)) FUNC(7))(x)
+-#define	SSL_CTX_new(x)	(* (SSL_CTX * (*)(SSL_METHOD *)) FUNC(8))(x)
+-#define	SSLv23_server_method()	(* (SSL_METHOD * (*)(void)) FUNC(9))()
+-#define	SSL_library_init() (* (int (*)(void)) FUNC(10))()
+-#define	SSL_CTX_use_PrivateKey_file(x,y,z)	(* (int (*)(SSL_CTX *, \
+-		const char *, int)) FUNC(11))((x), (y), (z))
+-#define	SSL_CTX_use_certificate_file(x,y,z)	(* (int (*)(SSL_CTX *, \
+-		const char *, int)) FUNC(12))((x), (y), (z))
+-#define SSL_CTX_use_certificate_chain_file(x,y)	(* (int (*)(SSL_CTX *, \
+-		const char *)) FUNC(15))((x), (y))
+-#define	SSL_CTX_free(x)	(*(void (*)(SSL_CTX *)) FUNC(13))(x)
+-#define	SSL_pending(x) (*(int (*)(SSL *)) FUNC(14))(x)
+-#define SSL_CTX_ctrl(w,x,y,z) (*(long (*)(SSL_CTX *,int,long,void *)) FUNC(16))((w),(x),(y),(z))
+-                                    
diff --git a/openwsman.spec b/openwsman.spec
index fc310a3..8a1ac98 100644
--- a/openwsman.spec
+++ b/openwsman.spec
@@ -9,7 +9,7 @@ BuildRequires:  perl-devel perl-generators pkgconfig openssl-devel
 BuildRequires:  cmake
 BuildRequires:  systemd-units
 Version:        2.6.2
-Release:        8%{?dist}
+Release:        9%{?dist}
 Url:            http://www.openwsman.org/
 License:        BSD
 Group:          Applications/System
@@ -27,6 +27,7 @@ Patch1:         openwsman-2.2.7-libssl.patch
 Patch2:         openwsman-2.4.0-pamsetup.patch
 Patch3:         openwsman-2.4.12-ruby-binding-build.patch
 Patch4:         openwsman-2.6.2-python3.patch
+Patch5:         openwsman-2.6.2-openssl-1.1-fix.patch
 
 %description
 Openwsman is a project intended to provide an open-source
@@ -183,6 +184,7 @@ popd
 %patch2 -p1 -b .pamsetup
 %patch3 -p1 -b .ruby-binding-build
 %patch4 -p1 -b .python3
+%patch5 -p1 -b .openssl-1.1-fix
 
 # support ruby 2.2
 pushd bindings/ruby
@@ -357,6 +359,10 @@ rm -f /var/log/wsmand.log
 
 
 %changelog
+* Tue Jan 03 2017 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.6.2-9
+- Port to openssl 1.1.0
+  Resolves: #1383992
+
 * Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com> - 2.6.2-8
 - Rebuild for Python 3.6