diff --git a/configure.ac b/configure.ac
index b62b4d36af..6d2312d159 100644
--- a/configure.ac
+++ b/configure.ac
@@ -376,6 +376,8 @@ AM_CONDITIONAL(THREADS_PTHREADS, test "$bwin32" = "false")
 AC_CHECK_FUNCS(
 _NSGetEnviron \
+ RtlSecureZeroMemory \
+ SecureZeroMemory \
 accept4 \
 backtrace \
 backtrace_symbols_fd \
diff --git a/src/common/compat_openssl.h b/src/common/compat_openssl.h
index 5825ff7a4d..9c98181bdd 100644
--- a/src/common/compat_openssl.h
+++ b/src/common/compat_openssl.h
@@ -19,8 +19,14 @@
 #error "We require OpenSSL >= 1.0.0"
 #endif
-#if OPENSSL_VERSION_NUMBER < OPENSSL_V_SERIES(1,1,0) || \
- defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,1,0) && \
+ ! defined(LIBRESSL_VERSION_NUMBER)
+/* We define this macro if we're trying to build with the majorly refactored
+ * API in OpenSSL 1.1 */
+#define OPENSSL_1_1_API
+#endif
+
+#ifndef OPENSSL_1_1_API
 #define OPENSSL_VERSION SSLEAY_VERSION
 #define OpenSSL_version(v) SSLeay_version(v)
 #define OpenSSL_version_num() SSLeay()
diff --git a/src/common/crypto.c b/src/common/crypto.c
index 2f498ac6be..9cc5ee01fa 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2960,9 +2960,11 @@ memwipe(void *mem, uint8_t byte, size_t sz)
 * have this function call "memset". A smart compiler could inline it, then
 * eliminate dead memsets, and declare itself to be clever. */
-#ifdef _WIN32
+#if defined(SecureZeroMemory) || defined(HAVE_SECUREZEROMEMORY)
 /* Here's what you do on windows. */
 SecureZeroMemory(mem,sz);
+#elif defined(HAVE_RTLSECUREZEROMEMORY)
+ RtlSecureZeroMemory(mem,sz);
 #elif defined(HAVE_EXPLICIT_BZERO)
 /* The BSDs provide this. */
 explicit_bzero(mem, sz);
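Review bot: `AC_CHECK_FUNCS` probes by linking against a bare symbol without including any header, so the two names added to the list may never be detected: in the Windows SDK and MinGW headers `SecureZeroMemory` and `RtlSecureZeroMemory` are, as far as I know, provided as a macro and an inline function rather than as exported symbols. If that holds, `HAVE_SECUREZEROMEMORY` and `HAVE_RTLSECUREZEROMEMORY` stay undefined and the memwipe change in crypto.c depends solely on `defined(SecureZeroMemory)`. Check `config.log` from a Windows build, and consider a header-aware probe such as `AC_CHECK_DECLS([SecureZeroMemory, RtlSecureZeroMemory], [], [], [[#include <windows.h>]])`, with the `#if` in memwipe adjusted to the resulting `HAVE_DECL_*` names.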
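Review bot: The new macro `OPENSSL_1_1_API` sits in the `OPENSSL_` prefix that the library's own headers use, so a later OpenSSL or LibreSSL release defining the same name would silently change which compatibility shims get compiled. A project-prefixed name would avoid that collision. If the name stays, the comment above the `#define` should also say why LibreSSL is excluded even when its version number passes the `>= 1.1.0` test, since the `! defined(LIBRESSL_VERSION_NUMBER)` clause is otherwise unexplained. The `#ifndef OPENSSL_1_1_API` block opened at the end of the hunk closes outside it.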
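Review bot: With `#ifdef _WIN32` gone, a Windows build in which `SecureZeroMemory` is not visible as a macro and neither configure probe succeeded falls through silently to the later `#elif` branches, which are outside this hunk. Since the surrounding comment says memwipe exists to keep the compiler from eliminating the wipe, I would make that case fail loudly by adding `#elif defined(_WIN32)` followed by `#error "memwipe: no SecureZeroMemory variant detected"` after the `RtlSecureZeroMemory` branch, unless the remaining fallbacks are known to be safe on Windows. A short comment stating that `defined(SecureZeroMemory)` only works when the Windows headers are included earlier in crypto.c would also help. The body of memwipe starts and ends outside the hunk.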