diff --git a/Configure b/Configure
index 1369f592dc823d2da43b844aa175ee13542f5143..708594a7e5ccc80634cebc85513cba9783b2949f 100755
--- a/Configure
+++ b/Configure
@@ -854,6 +854,11 @@ PROCESS_ARGS:
 					{
 					$disabled{"tls1"} = "option(tls)"
 					}
+				elsif ($1 eq "ssl3-method")
+					{
+					$disabled{"ssl3-method"} = "option(ssl)";
+					$disabled{"ssl3"} = "option(ssl)";
+					}
 				else
 					{
 					$disabled{$1} = "option";
diff --git a/apps/s_client.c b/apps/s_client.c
index a6f972a8a91eb474e417eac968160171564e0e93..e4281c612460ba51957639e2445db0e008d17f4b 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -336,7 +336,9 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -srp_strength int - minimal mength in bits for N (default %d).\n",SRP_MINIMAL_N);
 #endif
 	BIO_printf(bio_err," -ssl2         - just use SSLv2\n");
+#ifndef OPENSSL_NO_SSL3_METHOD
 	BIO_printf(bio_err," -ssl3         - just use SSLv3\n");
+#endif
 	BIO_printf(bio_err," -tls1_2       - just use TLSv1.2\n");
 	BIO_printf(bio_err," -tls1_1       - just use TLSv1.1\n");
 	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
@@ -914,7 +916,7 @@ static char *jpake_secret = NULL;
 		else if	(strcmp(*argv,"-ssl2") == 0)
 			meth=SSLv2_client_method();
 #endif
-#ifndef OPENSSL_NO_SSL3
+#ifndef OPENSSL_NO_SSL3_METHOD
 		else if	(strcmp(*argv,"-ssl3") == 0)
 			meth=SSLv3_client_method();
 #endif
diff --git a/apps/s_server.c b/apps/s_server.c
index 1e15281c213afafbb726e71eb0d42d94862dd102..c9764e923bb3f5aa1e76c863d2486fa762bb22ba 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -509,7 +509,9 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -srpuserseed string - A seed string for a default user salt.\n");
 #endif
 	BIO_printf(bio_err," -ssl2         - Just talk SSLv2\n");
+#ifndef OPENSSL_NO_SSL3_METHOD
 	BIO_printf(bio_err," -ssl3         - Just talk SSLv3\n");
+#endif
 	BIO_printf(bio_err," -tls1_2       - Just talk TLSv1.2\n");
 	BIO_printf(bio_err," -tls1_1       - Just talk TLSv1.1\n");
 	BIO_printf(bio_err," -tls1         - Just talk TLSv1\n");
@@ -1408,7 +1410,7 @@ int MAIN(int argc, char *argv[])
 		else if	(strcmp(*argv,"-ssl2") == 0)
 			{ meth=SSLv2_server_method(); }
 #endif
-#ifndef OPENSSL_NO_SSL3
+#ifndef OPENSSL_NO_SSL3_METHOD
 		else if	(strcmp(*argv,"-ssl3") == 0)
 			{ meth=SSLv3_server_method(); }
 #endif
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 68c00c52c769869a449e6656868bf0ab71687c98..c84c662dc85862807e1b8eb4c144866eb86d1986 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -167,9 +167,9 @@
 #include <openssl/engine.h>
 #endif
 
-static const SSL_METHOD *ssl3_get_client_method(int ver);
 static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
 
+#ifndef OPENSSL_NO_SSL3_METHOD
 static const SSL_METHOD *ssl3_get_client_method(int ver)
 	{
 	if (ver == SSL3_VERSION)
@@ -182,6 +182,7 @@ IMPLEMENT_ssl3_meth_func(SSLv3_client_method,
 			ssl_undefined_function,
 			ssl3_connect,
 			ssl3_get_client_method)
+#endif
 
 int ssl3_connect(SSL *s)
 	{
diff --git a/ssl/s3_meth.c b/ssl/s3_meth.c
index cdddb17b627d775dc65f6e5f77810d9f36ecf628..4dec7033d6c90ae309d5845beff53f865eed1e60 100644
--- a/ssl/s3_meth.c
+++ b/ssl/s3_meth.c
@@ -60,7 +60,7 @@
 #include <openssl/objects.h>
 #include "ssl_locl.h"
 
-static const SSL_METHOD *ssl3_get_method(int ver);
+#ifndef OPENSSL_NO_SSL3_METHOD
 static const SSL_METHOD *ssl3_get_method(int ver)
 	{
 	if (ver == SSL3_VERSION)
@@ -73,5 +73,4 @@ IMPLEMENT_ssl3_meth_func(SSLv3_method,
 			 ssl3_accept,
 			 ssl3_connect,
 			 ssl3_get_method)
-
-
+#endif
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index b5533262815ec19ea076b79d6d6f1f5e7e24119f..876a24550802b4690c1f604c19c32cd3d0bea51f 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -170,6 +170,7 @@
 #endif
 #include <openssl/md5.h>
 
+#ifndef OPENSSL_NO_SSL3_METHOD
 static const SSL_METHOD *ssl3_get_server_method(int ver);
 
 static const SSL_METHOD *ssl3_get_server_method(int ver)
@@ -180,6 +181,12 @@ static const SSL_METHOD *ssl3_get_server_method(int ver)
 		return(NULL);
 	}
 
+IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
+			ssl3_accept,
+			ssl_undefined_function,
+			ssl3_get_server_method)
+#endif
+
 #ifndef OPENSSL_NO_SRP
 static int ssl_check_srp_ext_ClientHello(SSL *s, int *al)
 	{
@@ -206,11 +213,6 @@ static int ssl_check_srp_ext_ClientHello(SSL *s, int *al)
 	}
 #endif
 
-IMPLEMENT_ssl3_meth_func(SSLv3_server_method,
-			ssl3_accept,
-			ssl_undefined_function,
-			ssl3_get_server_method)
-
 int ssl3_accept(SSL *s)
 	{
 	BUF_MEM *buf;
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 681dec9c67abef1b71f7f7465d5bc6b18fe28af4..beb00a042a5d01453c50d8163536ba24b492caf9 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2235,9 +2235,11 @@ const SSL_METHOD *SSLv2_server_method(void);	/* SSLv2 */
 const SSL_METHOD *SSLv2_client_method(void);	/* SSLv2 */
 #endif
 
+#ifndef OPENSSL_NO_SSL3_METHOD
 const SSL_METHOD *SSLv3_method(void);		/* SSLv3 */
 const SSL_METHOD *SSLv3_server_method(void);	/* SSLv3 */
 const SSL_METHOD *SSLv3_client_method(void);	/* SSLv3 */
+#endif
 
 const SSL_METHOD *SSLv23_method(void);	/* SSLv3 but can rollback to v2 */
 const SSL_METHOD *SSLv23_server_method(void);	/* SSLv3 but can rollback to v2 */
diff --git a/ssl/ssltest.c b/ssl/ssltest.c
index 028f8525f6d9deefd582b360b27480abbe407671..4f2f477a043d23871283cca5e306f544206abb5e 100644
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -776,7 +776,7 @@ static void sv_usage(void)
 #ifndef OPENSSL_NO_SSL2
 	fprintf(stderr," -ssl2         - use SSLv2\n");
 #endif
-#ifndef OPENSSL_NO_SSL3
+#ifndef OPENSSL_NO_SSL3_METHOD
 	fprintf(stderr," -ssl3         - use SSLv3\n");
 #endif
 #ifndef OPENSSL_NO_TLS1
@@ -1180,7 +1180,7 @@ int main(int argc, char *argv[])
 			}
 		else if	(strcmp(*argv,"-ssl3") == 0)
 			{
-#ifdef OPENSSL_NO_SSL3
+#ifdef OPENSSL_NO_SSL3_METHOD
 			no_protocol = 1;
 #endif
 			ssl3 = 1;
diff --git a/util/mk1mf.pl b/util/mk1mf.pl
index 73523ef4e1d8ebd7a4dfa91569a7d8273c546b8c..0fcadcbad8609eebedf519dc208c71873315be2d 100755
--- a/util/mk1mf.pl
+++ b/util/mk1mf.pl
@@ -1388,12 +1388,17 @@ sub do_copy_rule
 	return($ret);
 	}
 
+# Options picked up from the OPTIONS line in the top level Makefile
+# generated by Configure.
+
 sub read_options
 	{
 	# Many options are handled in a similar way. In particular
 	# no-xxx sets zero or more scalars to 1.
-	# Process these using a hash containing the option name and
-	# reference to the scalars to set.
+	# Process these using the %valid_options hash containing the option
+	# name and reference to the scalars to set. In some cases the option
+	# needs no special handling and can be ignored: this is done by
+	# setting the value to 0.
 
 	my %valid_options = (
 		"no-rc2" => \$no_rc2,
@@ -1427,6 +1432,7 @@ sub read_options
 		"gaswin" => \$gaswin,
 		"no-ssl2" => \$no_ssl2,
 		"no-ssl3" => \$no_ssl3,
+		"no-ssl3-method" => 0,
 		"no-tlsext" => \$no_tlsext,
 		"no-srp" => \$no_srp,
 		"no-cms" => \$no_cms,
diff --git a/util/mkdef.pl b/util/mkdef.pl
index 0f42504f97ef2af90198a412b7d85b678bef4eff..460d56523ab4af2fac29b7127bb184e6f388228a 100755
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@@ -108,6 +108,8 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF",
 			 "CAPIENG",
 			 # SSL v2
 			 "SSL2",
+			 # SSL v3 method
+			 "SSL3_METHOD",
 			 # JPAKE
 			 "JPAKE",
 			 # NEXTPROTONEG
@@ -144,7 +146,7 @@ my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated;
 my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng;
 my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc; 
 my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace;
-my $no_unit_test;
+my $no_unit_test; my $no_ssl3_method;
 
 my $fips;
 
@@ -239,6 +241,7 @@ foreach (@ARGV, split(/ /, $options))
  	elsif (/^no-ec-nistp224-64-gcc-128$/)	{ $no_nistp_gcc=1; }
 	elsif (/^no-nextprotoneg$/)	{ $no_nextprotoneg=1; }
 	elsif (/^no-ssl2$/)	{ $no_ssl2=1; }
+	elsif (/^no-ssl3-method$/) { $no_ssl3_method=1; }
 	elsif (/^no-ssl-trace$/) { $no_ssl_trace=1; }
 	elsif (/^no-capieng$/)	{ $no_capieng=1; }
 	elsif (/^no-jpake$/)	{ $no_jpake=1; }
@@ -1210,6 +1213,7 @@ sub is_valid
 			if ($keyword eq "EC2M" && $no_ec2m) { return 0; }
 			if ($keyword eq "NEXTPROTONEG" && $no_nextprotoneg) { return 0; }
 			if ($keyword eq "SSL2" && $no_ssl2) { return 0; }
+			if ($keyword eq "SSL3_METHOD" && $no_ssl3_method) { return 0; }
 			if ($keyword eq "SSL_TRACE" && $no_ssl_trace) { return 0; }
 			if ($keyword eq "CAPIENG" && $no_capieng) { return 0; }
 			if ($keyword eq "JPAKE" && $no_jpake) { return 0; }
diff --git a/util/ssleay.num b/util/ssleay.num
index affe14a790844671cc2aa04213c2b1f105a6a186..a289559c200c88882c5f9029fd517ce71bdc6432 100755
--- a/util/ssleay.num
+++ b/util/ssleay.num
@@ -101,9 +101,9 @@ SSLv23_server_method                    112	EXIST::FUNCTION:RSA
 SSLv2_client_method                     113	EXIST::FUNCTION:RSA,SSL2
 SSLv2_method                            114	EXIST::FUNCTION:RSA,SSL2
 SSLv2_server_method                     115	EXIST::FUNCTION:RSA,SSL2
-SSLv3_client_method                     116	EXIST::FUNCTION:
-SSLv3_method                            117	EXIST::FUNCTION:
-SSLv3_server_method                     118	EXIST::FUNCTION:
+SSLv3_client_method                     116	EXIST::FUNCTION:SSL3_METHOD
+SSLv3_method                            117	EXIST::FUNCTION:SSL3_METHOD
+SSLv3_server_method                     118	EXIST::FUNCTION:SSL3_METHOD
 d2i_SSL_SESSION                         119	EXIST::FUNCTION:
 i2d_SSL_SESSION                         120	EXIST::FUNCTION:
 BIO_f_ssl                               121	EXIST::FUNCTION:BIO