diff --git a/openssl.c b/openssl.c
index ac0d919a..5f71139e 100644
--- a/openssl.c
+++ b/openssl.c
@@ -1698,6 +1698,17 @@ int openconnect_open_https(struct openconnect_info *vpninfo)
 SSL_CTX_set_options(vpninfo->https_ctx, SSL_OP_NO_TICKET);
 #endif
 
+#if OPENSSL_VERSION_NUMBER >= 0x010100000L
+ /* OpenSSL versions after 1.1.0 added the notion of a "security level"
+ * that enforces checks on certificates and ciphers.
+ * These security levels overlap in functionality with the ciphersuite
+ * priority/allow-strings.
+ *
+ * For now we will set the security level to 0, thus reverting
+ * to the functionality seen in versions before 1.1.0. */
+ SSL_CTX_set_security_level(vpninfo->https_ctx, 0);
+#endif
+
 if (vpninfo->cert) {
 err = load_certificate(vpninfo);
 if (!err && !SSL_CTX_check_private_key(vpninfo->https_ctx)) {
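Review bot: The added `SSL_CTX_set_security_level(vpninfo->https_ctx, 0);` runs for every connection on OpenSSL 1.1.0 and later, so the library's minimum-strength checks on key sizes, certificate signature digests and ciphers are switched off for all users, not only for those who must reach a legacy gateway. Unless the cipher priority string configured elsewhere in this function (not visible in the hunk) already excludes weak suites, I would keep the library default and lower the level only on explicit opt-in, e.g. `if (vpninfo->LEGACY_CRYPTO_OPT_IN /* placeholder field */) SSL_CTX_set_security_level(vpninfo->https_ctx, 0);`, logging when that path is taken. The comment should also record which peers require level 0 and what "for now" is waiting on, so the downgrade can be removed later. The guard constant `0x010100000L` has nine hex digits; it equals the conventional `0x10100000L`, which is easier to check by eye. openconnect_open_https starts and ends outside the hunk.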