diff --git a/src/openssl.c b/src/openssl.c
index fd7d28e..d200d0e 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -40,13 +40,21 @@
 #include <sys/types.h>    /* ssize_t pid_t */
 #include <sys/time.h>     /* struct timeval gettimeofday(2) */
 #include <sys/stat.h>     /* struct stat stat(2) */
+#ifdef _WIN32_WINNT
+#include <winsock2.h>     /* struct in_addr */
+#include <windows.h>
+#include <ws2def.h>       /* AF_INET AF_INET6 */
+#include <in6addr.h>      /* struct in6_addr */
+#include <ws2tcpip.h>     /* inet_pton */
+#else
 #include <sys/socket.h>   /* AF_INET AF_INET6 */
 #include <sys/resource.h> /* RUSAGE_SELF struct rusage getrusage(2) */
 #include <sys/utsname.h>  /* struct utsname uname(3) */
-#include <fcntl.h>        /* O_RDONLY O_CLOEXEC open(2) */
-#include <unistd.h>       /* close(2) getpid(2) */
 #include <netinet/in.h>   /* struct in_addr struct in6_addr */
 #include <arpa/inet.h>    /* inet_pton(3) */
+#endif
+#include <fcntl.h>        /* O_RDONLY O_CLOEXEC open(2) */
+#include <unistd.h>       /* close(2) getpid(2) */
 #include <pthread.h>      /* pthread_mutex_init(3) pthread_mutex_lock(3) pthread_mutex_unlock(3) */
 #include <dlfcn.h>        /* dladdr(3) dlopen(3) */
 
@@ -117,39 +125,39 @@
 #endif
 
 #ifndef HAVE_ASN1_STRING_GET0_DATA
-#define HAVE_ASN1_STRING_GET0_DATA OPENSSL_PREREQ(1,1,0)
+#define HAVE_ASN1_STRING_GET0_DATA OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_DH_GET0_KEY
-#define HAVE_DH_GET0_KEY OPENSSL_PREREQ(1,1,0)
+#define HAVE_DH_GET0_KEY OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_DH_GET0_PQG
-#define HAVE_DH_GET0_PQG OPENSSL_PREREQ(1,1,0)
+#define HAVE_DH_GET0_PQG OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_DH_SET0_KEY
-#define HAVE_DH_SET0_KEY OPENSSL_PREREQ(1,1,0)
+#define HAVE_DH_SET0_KEY OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_DH_SET0_PQG
-#define HAVE_DH_SET0_PQG OPENSSL_PREREQ(1,1,0)
+#define HAVE_DH_SET0_PQG OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_DSA_GET0_KEY
-#define HAVE_DSA_GET0_KEY OPENSSL_PREREQ(1,1,0)
+#define HAVE_DSA_GET0_KEY OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_DSA_GET0_PQG
-#define HAVE_DSA_GET0_PQG OPENSSL_PREREQ(1,1,0)
+#define HAVE_DSA_GET0_PQG OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_DSA_SET0_KEY
-#define HAVE_DSA_SET0_KEY OPENSSL_PREREQ(1,1,0)
+#define HAVE_DSA_SET0_KEY OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_DSA_SET0_PQG
-#define HAVE_DSA_SET0_PQG OPENSSL_PREREQ(1,1,0)
+#define HAVE_DSA_SET0_PQG OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_DTLSV1_CLIENT_METHOD
@@ -168,7 +176,7 @@
 #ifdef OPENSSL_NO_DTLS1
 #define HAVE_DTLS_CLIENT_METHOD (0)
 #else
-#define HAVE_DTLS_CLIENT_METHOD OPENSSL_PREREQ(1,0,2)
+#define HAVE_DTLS_CLIENT_METHOD OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(3,1,0)
 #endif
 #endif
 
@@ -180,7 +188,7 @@
 #ifdef OPENSSL_NO_DTLS1
 #define HAVE_DTLSV1_2_CLIENT_METHOD (0)
 #else
-#define HAVE_DTLSV1_2_CLIENT_METHOD OPENSSL_PREREQ(1,0,2)
+#define HAVE_DTLSV1_2_CLIENT_METHOD OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(3,1,0)
 #endif
 #endif
 
@@ -189,19 +197,19 @@
 #endif
 
 #ifndef HAVE_EVP_CIPHER_CTX_FREE
-#define HAVE_EVP_CIPHER_CTX_FREE OPENSSL_PREREQ(1,1,0)
+#define HAVE_EVP_CIPHER_CTX_FREE OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_EVP_CIPHER_CTX_NEW
-#define HAVE_EVP_CIPHER_CTX_NEW OPENSSL_PREREQ(1,1,0)
+#define HAVE_EVP_CIPHER_CTX_NEW OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_EVP_MD_CTX_FREE
-#define HAVE_EVP_MD_CTX_FREE OPENSSL_PREREQ(1,1,0)
+#define HAVE_EVP_MD_CTX_FREE OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_EVP_MD_CTX_NEW
-#define HAVE_EVP_MD_CTX_NEW OPENSSL_PREREQ(1,1,0)
+#define HAVE_EVP_MD_CTX_NEW OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_EVP_PKEY_GET_DEFAULT_DIGEST_NID
@@ -209,7 +217,7 @@
 #endif
 
 #ifndef HAVE_EVP_PKEY_BASE_ID
-#define HAVE_EVP_PKEY_BASE_ID OPENSSL_PREREQ(1,1,0)
+#define HAVE_EVP_PKEY_BASE_ID OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_EVP_PKEY_CTX_NEW
@@ -217,55 +225,55 @@
 #endif
 
 #ifndef HAVE_EVP_PKEY_GET0
-#define HAVE_EVP_PKEY_GET0 OPENSSL_PREREQ(1,1,0)
+#define HAVE_EVP_PKEY_GET0 OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_EVP_PKEY_ID
-#define HAVE_EVP_PKEY_ID OPENSSL_PREREQ(1,1,0)
+#define HAVE_EVP_PKEY_ID OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_HMAC_CTX_FREE
-#define HAVE_HMAC_CTX_FREE OPENSSL_PREREQ(1,1,0)
+#define HAVE_HMAC_CTX_FREE OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_HMAC_CTX_NEW
-#define HAVE_HMAC_CTX_NEW OPENSSL_PREREQ(1,1,0)
+#define HAVE_HMAC_CTX_NEW OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_I2D_RE_X509_REQ_TBS
-#define HAVE_I2D_RE_X509_REQ_TBS OPENSSL_PREREQ(1,1,0)
+#define HAVE_I2D_RE_X509_REQ_TBS OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_RSA_GET0_CRT_PARAMS
-#define HAVE_RSA_GET0_CRT_PARAMS OPENSSL_PREREQ(1,1,0)
+#define HAVE_RSA_GET0_CRT_PARAMS OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_RSA_GET0_FACTORS
-#define HAVE_RSA_GET0_FACTORS OPENSSL_PREREQ(1,1,0)
+#define HAVE_RSA_GET0_FACTORS OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_RSA_GET0_KEY
-#define HAVE_RSA_GET0_KEY OPENSSL_PREREQ(1,1,0)
+#define HAVE_RSA_GET0_KEY OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_RSA_SET0_CRT_PARAMS
-#define HAVE_RSA_SET0_CRT_PARAMS OPENSSL_PREREQ(1,1,0)
+#define HAVE_RSA_SET0_CRT_PARAMS OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_RSA_SET0_FACTORS
-#define HAVE_RSA_SET0_FACTORS OPENSSL_PREREQ(1,1,0)
+#define HAVE_RSA_SET0_FACTORS OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_RSA_SET0_KEY
-#define HAVE_RSA_SET0_KEY OPENSSL_PREREQ(1,1,0)
+#define HAVE_RSA_SET0_KEY OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_SSL_CLIENT_VERSION
-#define HAVE_SSL_CLIENT_VERSION OPENSSL_PREREQ(1,1,0)
+#define HAVE_SSL_CLIENT_VERSION OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_SSL_CTX_GET0_PARAM
-#define HAVE_SSL_CTX_GET0_PARAM OPENSSL_PREREQ(1,0,2)
+#define HAVE_SSL_CTX_GET0_PARAM OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(3,1,0)
 #endif
 
 #ifndef HAVE_SSL_CTX_SET_CURVES_LIST
@@ -301,11 +309,11 @@
 #endif
 
 #ifndef HAVE_SSL_CTX_SET_TLSEXT_STATUS_TYPE
-#define HAVE_SSL_CTX_SET_TLSEXT_STATUS_TYPE OPENSSL_PREREQ(1,1,0)
+#define HAVE_SSL_CTX_SET_TLSEXT_STATUS_TYPE OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_SSL_CTX_GET_TLSEXT_STATUS_TYPE
-#define HAVE_SSL_CTX_GET_TLSEXT_STATUS_TYPE OPENSSL_PREREQ(1,1,0)
+#define HAVE_SSL_CTX_GET_TLSEXT_STATUS_TYPE OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_SSL_GET0_ALPN_SELECTED
@@ -313,7 +321,7 @@
 #endif
 
 #ifndef HAVE_SSL_GET0_PARAM
-#define HAVE_SSL_GET0_PARAM OPENSSL_PREREQ(1,0,2)
+#define HAVE_SSL_GET0_PARAM OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(3,1,0)
 #endif
 
 #ifndef HAVE_SSL_SET_ALPN_PROTOS
@@ -325,27 +333,27 @@
 #endif
 
 #ifndef HAVE_SSL_SET1_PARAM
-#define HAVE_SSL_SET1_PARAM OPENSSL_PREREQ(1,0,2)
+#define HAVE_SSL_SET1_PARAM OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(3,1,0)
 #endif
 
 #ifndef HAVE_SSL_GET_CLIENT_RANDOM
-#define HAVE_SSL_GET_CLIENT_RANDOM OPENSSL_PREREQ(1,1,0)
+#define HAVE_SSL_GET_CLIENT_RANDOM OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_SSL_GET_TLSEXT_STATUS_TYPE
-#define HAVE_SSL_GET_TLSEXT_STATUS_TYPE OPENSSL_PREREQ(1,1,0)
+#define HAVE_SSL_GET_TLSEXT_STATUS_TYPE OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_SSL_UP_REF
-#define HAVE_SSL_UP_REF OPENSSL_PREREQ(1,1,0)
+#define HAVE_SSL_UP_REF OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_SSL_OP_NO_SSL_MASK
-#define HAVE_SSL_OP_NO_SSL_MASK OPENSSL_PREREQ(1,0,2)
+#define HAVE_SSL_OP_NO_SSL_MASK OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(3,1,0)
 #endif
 
 #ifndef HAVE_SSL_OP_NO_DTLS_MASK
-#define HAVE_SSL_OP_NO_DTLS_MASK OPENSSL_PREREQ(1,1,0)
+#define HAVE_SSL_OP_NO_DTLS_MASK OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_STACK_OPENSSL_STRING_FUNCS
@@ -353,23 +361,23 @@
 #endif
 
 #ifndef HAVE_X509_CRL_GET0_LASTUPDATE
-#define HAVE_X509_CRL_GET0_LASTUPDATE OPENSSL_PREREQ(1,1,0)
+#define HAVE_X509_CRL_GET0_LASTUPDATE OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_X509_CRL_GET0_NEXTUPDATE
-#define HAVE_X509_CRL_GET0_NEXTUPDATE OPENSSL_PREREQ(1,1,0)
+#define HAVE_X509_CRL_GET0_NEXTUPDATE OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_X509_CRL_SET1_LASTUPDATE
-#define HAVE_X509_CRL_SET1_LASTUPDATE OPENSSL_PREREQ(1,1,0)
+#define HAVE_X509_CRL_SET1_LASTUPDATE OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_X509_CRL_SET1_NEXTUPDATE
-#define HAVE_X509_CRL_SET1_NEXTUPDATE OPENSSL_PREREQ(1,1,0)
+#define HAVE_X509_CRL_SET1_NEXTUPDATE OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_X509_GET_SIGNATURE_NID
-#define HAVE_X509_GET_SIGNATURE_NID OPENSSL_PREREQ(1,0,2)
+#define HAVE_X509_GET_SIGNATURE_NID OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(3,1,0)
 #endif
 
 #ifndef HAVE_X509_STORE_REFERENCES
@@ -377,31 +385,31 @@
 #endif
 
 #ifndef HAVE_X509_STORE_UP_REF
-#define HAVE_X509_STORE_UP_REF OPENSSL_PREREQ(1,1,0)
+#define HAVE_X509_STORE_UP_REF OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_X509_UP_REF
-#define HAVE_X509_UP_REF OPENSSL_PREREQ(1,1,0)
+#define HAVE_X509_UP_REF OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_X509_VERIFY_PARAM_ADD1_HOST
-#define HAVE_X509_VERIFY_PARAM_ADD1_HOST OPENSSL_PREREQ(1,0,2)
+#define HAVE_X509_VERIFY_PARAM_ADD1_HOST OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(3,1,0)
 #endif
 
 #ifndef HAVE_X509_VERIFY_PARAM_SET_AUTH_LEVEL
-#define HAVE_X509_VERIFY_PARAM_SET_AUTH_LEVEL OPENSSL_PREREQ(1,1,0)
+#define HAVE_X509_VERIFY_PARAM_SET_AUTH_LEVEL OPENSSL_PREREQ(1,1,0) || LIBRESSL_PREREQ(3,0,1)
 #endif
 
 #ifndef HAVE_X509_VERIFY_PARAM_SET1_EMAIL
-#define HAVE_X509_VERIFY_PARAM_SET1_EMAIL OPENSSL_PREREQ(1,0,2)
+#define HAVE_X509_VERIFY_PARAM_SET1_EMAIL OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(3,1,0)
 #endif
 
 #ifndef HAVE_X509_VERIFY_PARAM_SET1_HOST
-#define HAVE_X509_VERIFY_PARAM_SET1_HOST OPENSSL_PREREQ(1,0,2)
+#define HAVE_X509_VERIFY_PARAM_SET1_HOST OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(3,1,0)
 #endif
 
 #ifndef HAVE_X509_VERIFY_PARAM_SET1_IP_ASC
-#define HAVE_X509_VERIFY_PARAM_SET1_IP_ASC OPENSSL_PREREQ(1,0,2)
+#define HAVE_X509_VERIFY_PARAM_SET1_IP_ASC OPENSSL_PREREQ(1,0,2) || LIBRESSL_PREREQ(3,1,0)
 #endif
 
 #ifndef HMAC_INIT_EX_INT
@@ -797,6 +805,14 @@ static const char *aux_strerror_r(int error, char *dst, size_t lim) {
 	static const char unknown[] = "Unknown error: ";
 	size_t n;
 
+#ifdef _WIN32_WINNT
+/*
+Vanilla strerr() is thread-safe on Windows:
+https://learn.microsoft.com/en-us/cpp/c-runtime-library/reference/strerror-strerror-wcserror-wcserror?view=msvc-170&viewFallbackFrom=vs-2019
+*/
+#define strerror_r(a,b,c) strerror_s(b,c,a)
+#endif
+
 #if STRERROR_R_CHAR_P
 	char *rv = strerror_r(error, dst, lim);
 
@@ -10082,8 +10098,6 @@ error:;
 	struct {
 		struct timeval tv;
 		pid_t pid;
-		struct rusage ru;
-		struct utsname un;
 		uintptr_t aslr;
 #if defined __APPLE__
 		uint64_t mt;
@@ -10094,8 +10108,6 @@ error:;
 
 	gettimeofday(&junk.tv, NULL);
 	junk.pid = getpid();
-	getrusage(RUSAGE_SELF, &junk.ru);
-	uname(&junk.un);
 	junk.aslr = (uintptr_t)&strcpy ^ (uintptr_t)&randL_stir;
 #if defined __APPLE__
 	junk.mt = mach_absolute_time();