diff --git a/.travis.yml b/.travis.yml index b08238d..0b96af7 100644 --- a/.travis.yml +++ b/.travis.yml @@ -22,7 +22,7 @@ before_install: - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew update ; fi - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew install openssl ; fi - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then sudo apt-get -qq update ; fi - - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then sudo apt-get install -y libpcsclite-dev libxcursor-dev libao-dev libasound2-dev libtasn1-dev; fi + - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then sudo apt-get install -y libpcsclite-dev libxcursor-dev libao-dev libasound2-dev libtasn1-dev nettle-dev ; fi script: - ./bootstrap diff --git a/configure.ac b/configure.ac index 7244fa1..58f1fa7 100644 --- a/configure.ac +++ b/configure.ac @@ -215,6 +215,20 @@ else exit 1 fi +# nettle +if test -n "$PKG_CONFIG"; then + PKG_CHECK_MODULES(NETTLE, nettle, [HAVE_NETTLE=1], [HAVE_NETTLE=0]) +fi +if test x"$HAVE_NETTLE" = "x1"; then + CFLAGS="$CFLAGS $NETTLE_CFLAGS" + LIBS="$LIBS $NETTLE_LIBS" +else + echo + echo "rdesktop requires Nettle. Please install the dependency" + echo + exit 1 +fi + dnl Smartcard support AC_ARG_ENABLE(smartcard, AS_HELP_STRING([--disable-smartcard], [disable support for smartcard])) AS_IF([test "x$enable_smartcard" != "xno"], [ diff --git a/ssl.c b/ssl.c index 334e57d..b178d80 100644 --- a/ssl.c +++ b/ssl.c @@ -4,6 +4,7 @@ Copyright (C) Matthew Chapman 1999-2008 Copyright (C) Jay Sorg 2006-2008 Copyright 2016-2017 Henrik Andersson for Cendio AB + Copyright 2017 Alexander Zakharov This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -21,6 +22,7 @@ #include "rdesktop.h" #include "ssl.h" +#include "asn.h" /* Helper function to log internal SSL errors using logger */ void 
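Review bot: In the configure.ac hunk, `HAVE_NETTLE` is only assigned inside `if test -n "$PKG_CONFIG"`, so when pkg-config is missing the variable stays unset and the script exits with "rdesktop requires Nettle", which misreports the cause. Setting `HAVE_NETTLE=0` before the `if`, or giving the no-pkg-config case its own message, would make the failure diagnosable. The check also accepts any nettle version; if the new ssl.c code depends on a particular release's API, a version constraint in the `PKG_CHECK_MODULES` module string would state that.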
@@ -43,49 +45,49 @@ rdssl_log_ssl_errors(const char *prefix) void rdssl_sha1_init(RDSSL_SHA1 * sha1) { - SHA1_Init(sha1); + sha1_init(sha1); } void rdssl_sha1_update(RDSSL_SHA1 * sha1, uint8 * data, uint32 len) { - SHA1_Update(sha1, data, len); + sha1_update(sha1, len, data); } void rdssl_sha1_final(RDSSL_SHA1 * sha1, uint8 * out_data) { - SHA1_Final(out_data, sha1); + sha1_digest(sha1, SHA1_DIGEST_SIZE, out_data); } void rdssl_md5_init(RDSSL_MD5 * md5) { - MD5_Init(md5); + md5_init(md5); } void rdssl_md5_update(RDSSL_MD5 * md5, uint8 * data, uint32 len) { - MD5_Update(md5, data, len); + md5_update(md5, len, data); } void rdssl_md5_final(RDSSL_MD5 * md5, uint8 * out_data) { - MD5_Final(out_data, md5); + md5_digest(md5, MD5_DIGEST_SIZE, out_data); } void rdssl_rc4_set_key(RDSSL_RC4 * rc4, uint8 * key, uint32 len) { - RC4_set_key(rc4, len, key); + arcfour_set_key(rc4, len, key); } void rdssl_rc4_crypt(RDSSL_RC4 * rc4, uint8 * in_data, uint8 * out_data, uint32 len) { - RC4(rc4, len, in_data, out_data); + arcfour_crypt(rc4, len, out_data, in_data); } static void @@ -327,5 +329,9 @@ void rdssl_hmac_md5(const void *key, int key_len, const unsigned char *msg, int msg_len, unsigned char *md) { - HMAC(EVP_md5(), key, key_len, msg, msg_len, md, NULL); + struct hmac_md5_ctx ctx; + + hmac_md5_set_key(&ctx, key_len, key); + hmac_md5_update(&ctx, msg_len, msg); + hmac_md5_digest(&ctx, MD5_DIGEST_SIZE, md); } diff --git a/ssl.h b/ssl.h index b5d27fa..c457647 100644 --- a/ssl.h +++ b/ssl.h @@ -4,6 +4,7 @@ Copyright (C) Matthew Chapman 1999-2008 Copyright (C) Jay Sorg 2006-2008 Copyright 2017 Henrik Andersson for Cendio AB + Copyright 2017 Alexander Zakharov This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
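Review bot: `rdssl_rc4_set_key` now forwards `len` to `arcfour_set_key` with no range check, and nettle, as far as I know, enforces its `ARCFOUR_MIN_KEY_SIZE` to `ARCFOUR_MAX_KEY_SIZE` bounds only with an assertion. An out-of-range length would therefore abort the process, or go unchecked in an NDEBUG build, instead of being handled. The callers are outside this hunk, so whether `len` can depend on peer-supplied data is not visible here. A guard on `len < ARCFOUR_MIN_KEY_SIZE || len > ARCFOUR_MAX_KEY_SIZE` that fails through the project's own error path would make the wrapper safe on its own. In `rdssl_rc4_crypt` the call passes `out_data` before `in_data`, which is correct for nettle but easy to revert by accident, so a comment such as `/* nettle order: ctx, length, dst, src */` on that line would help.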
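Review bot: The stack `struct hmac_md5_ctx ctx` in `rdssl_hmac_md5` still holds key-derived state when the function returns, whereas the one-shot `HMAC()` it replaces cleaned up its internal context, as far as I recall. Wiping it before the closing brace keeps that material from lingering on the stack, for example `OPENSSL_cleanse(&ctx, sizeof(ctx));` if `<openssl/crypto.h>` is still reachable through ssl.h. Separately, `key_len` and `msg_len` are `int` and are converted to nettle's unsigned length parameters, so a negative value would turn into a very large length. A `key_len < 0 || msg_len < 0` guard at the top of the function would close that.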
@@ -22,13 +23,9 @@ #ifndef _RDSSL_H #define _RDSSL_H -#include -#include -#include #include #include #include -#include #if defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x0090800f) #define D2I_X509_CONST const @@ -36,9 +33,14 @@ #define D2I_X509_CONST #endif -#define RDSSL_RC4 RC4_KEY -#define RDSSL_SHA1 SHA_CTX -#define RDSSL_MD5 MD5_CTX +#include +#include +#include +#include + +#define RDSSL_RC4 struct arcfour_ctx +#define RDSSL_SHA1 struct sha1_ctx +#define RDSSL_MD5 struct md5_ctx #define RDSSL_CERT X509 #define RDSSL_RKEY RSA @@ -65,5 +67,4 @@ RD_BOOL rdssl_sig_ok(uint8 * exponent, uint32 exp_len, uint8 * modulus, uint32 m void rdssl_hmac_md5(const void *key, int key_len, const unsigned char *msg, int msg_len, unsigned char *md); -void rdssl_log_ssl_errors(const char *prefix); #endif
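Review bot: The last ssl.h hunk drops the prototype `void rdssl_log_ssl_errors(const char *prefix);`, but the ssl.c hunks in this same patch still show that function defined with external linkage. Unless another header declares it, any caller outside ssl.c now compiles against an implicit declaration. If nothing outside ssl.c calls it, the definition should become `static void rdssl_log_ssl_errors(const char *prefix)` in the same commit. Otherwise the prototype should stay.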