diff --git a/src/protocol.py b/src/protocol.py index ae04740bc1..3a3ccebefd 100644 --- a/src/protocol.py +++ b/src/protocol.py @@ -495,3 +495,9 @@ def broadcastToSendDataQueues(data): # this means TLSv1, there is no way to set "TLSv1 or higher" or # "TLSv1.2" in < 2.7.9 sslProtocolVersion = ssl.PROTOCOL_TLSv1 + +# ciphers +if ssl.OPENSSL_VERSION_NUMBER >= 0x10100000 + sslProtocolCiphers = "AECDH-AES256-SHA@SECLEVEL=0" +else: + sslProtocolCiphers = "AECDH-AES256-SHA" diff --git a/src/pyelliptic/openssl.py b/src/pyelliptic/openssl.py index db9e7d2422..a26339ce7d 100644 --- a/src/pyelliptic/openssl.py +++ b/src/pyelliptic/openssl.py @@ -170,7 +170,7 @@ def __init__(self, library): self.EC_KEY_set_private_key.argtypes = [ctypes.c_void_p, ctypes.c_void_p] - if self._hexversion > 0x10100000: + if self._hexversion >= 0x10100000: self.EC_KEY_OpenSSL = self._lib.EC_KEY_OpenSSL self._lib.EC_KEY_OpenSSL.restype = ctypes.c_void_p self._lib.EC_KEY_OpenSSL.argtypes = [] @@ -250,7 +250,7 @@ def __init__(self, library): self.EVP_rc4.restype = ctypes.c_void_p self.EVP_rc4.argtypes = [] - if self._hexversion > 0x10100000: + if self._hexversion >= 0x10100000: self.EVP_CIPHER_CTX_reset = self._lib.EVP_CIPHER_CTX_reset self.EVP_CIPHER_CTX_reset.restype = ctypes.c_int self.EVP_CIPHER_CTX_reset.argtypes = [ctypes.c_void_p] @@ -306,7 +306,7 @@ def __init__(self, library): self.ECDSA_verify.argtypes = [ctypes.c_int, ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p] - if self._hexversion > 0x10100000: + if self._hexversion >= 0x10100000: self.EVP_MD_CTX_new = self._lib.EVP_MD_CTX_new self.EVP_MD_CTX_new.restype = ctypes.c_void_p self.EVP_MD_CTX_new.argtypes = []
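Review bot: The added `if ssl.OPENSSL_VERSION_NUMBER >= 0x10100000` line in src/protocol.py has no trailing colon, so the module raises a SyntaxError on import; it should read `if ssl.OPENSSL_VERSION_NUMBER >= 0x10100000:`. Separately, `AECDH-AES256-SHA` is an anonymous key exchange, and `@SECLEVEL=0` lowers OpenSSL's security level so that 1.1.0 and later still accept it. Together with the `ssl.PROTOCOL_TLSv1` context line, this means the TLS layer encrypts but does not authenticate the peer, so an active man-in-the-middle goes undetected. That trade-off should be stated next to the constant, for example `# anonymous ECDH: opportunistic encryption only, the peer is NOT authenticated by TLS; SECLEVEL=0 is required for aNULL suites on OpenSSL >= 1.1.0`. LibreSSL builds report a version number above this threshold and may reject the `@SECLEVEL` suffix, so the condition probably also needs a check on `ssl.OPENSSL_VERSION`.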
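Review bot: The three `if self._hexversion >= 0x10100000:` guards in src/pyelliptic/openssl.py (hunks at lines 170, 250 and 306) choose symbols by version number alone. A library that reports a higher number but does not export `EC_KEY_OpenSSL`, `EVP_CIPHER_CTX_reset` or `EVP_MD_CTX_new` would fail with AttributeError at the `self._lib.<name>` lookup. LibreSSL is the likely case, but how `_hexversion` is derived is outside these hunks, so this needs confirming. Probing the symbol, e.g. `if hasattr(self._lib, 'EVP_MD_CTX_new'):`, or excluding LibreSSL explicitly would be more robust. The literal is also repeated three times; a named constant with a comment such as `# OpenSSL 1.1.0: opaque structs, *_new/*_reset API` would keep the guards in sync. `__init__` starts and ends outside all three hunks.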