diff --git a/debian/changelog b/debian/changelog
index d945587..b98a13d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,6 +6,8 @@
   * Switch Vcs-Git header from git:// to https://.
   * Switch DEP5 format header from http:// to https://.
   * Switch to dh compat level 10, drop --parallel and --with autoreconf.
+  * Add patch to fix OpenSSL detection. (Closes: #845035) Thanks Hilko
+    Bengen for the report and the hint into the right direction!
 
  -- Axel Beckert <abe@debian.org>  Fri, 13 May 2016 14:31:49 +0200
 
diff --git a/debian/patches/fix-OpenSSL-1.1-detection.patch b/debian/patches/fix-OpenSSL-1.1-detection.patch
new file mode 100644
index 0000000..aec01bb
--- /dev/null
+++ b/debian/patches/fix-OpenSSL-1.1-detection.patch
@@ -0,0 +1,27 @@
+Description: Fix OpenSSL 1.1 detection and access to now opaque structures.
+Bug-Debian: https://bugs.debian.org/845035
+Author: Axel Beckert <abe@debian.org>
+Forwarded: not-yet
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -286,7 +286,7 @@
+ 
+   if test "x$ssl_ok" = "xyes"; then
+     old_libs="$LIBS"
+-    AC_CHECK_LIB(ssl, SSL_library_init, ssl_ok=yes, ssl_ok=no, -lcrypto)
++    AC_CHECK_LIB(ssl, SSL_new, ssl_ok=yes, ssl_ok=no, -lcrypto)
+     LIBS="$old_libs"
+   fi
+ 
+--- a/dpi/https.c
++++ b/dpi/https.c
+@@ -476,7 +476,7 @@
+       case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+          /*Either self signed and untrusted*/
+          /*Extract CN from certificate name information*/
+-         if ((cn = strstr(remote_cert->name, "/CN=")) == NULL) {
++         if ((cn = strstr(X509_get_subject_name((X509 *) remote_cert), "/CN=")) == NULL) {
+             strcpy(buf, "(no CN given)");
+          } else {
+             char *cn_end;
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..558636b
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1 @@
+fix-OpenSSL-1.1-detection.patch