diff --git a/src/libmain/shared.cc b/src/libmain/shared.cc
index 910549583..0afddfb78 100644
--- a/src/libmain/shared.cc
+++ b/src/libmain/shared.cc
@@ -15,6 +15,8 @@
 #include <unistd.h>
 #include <signal.h>
 
+#include <openssl/crypto.h>
+
 
 namespace nix {
 
@@ -78,6 +80,20 @@ string getArg(const string & opt,
 }
 
 
+/* OpenSSL is not thread-safe by default - it will randomly crash
+   unless the user supplies a mutex locking function. So let's do
+   that. */
+static std::vector<std::mutex> opensslLocks;
+
+static void opensslLockCallback(int mode, int type, const char * file, int line)
+{
+    if (mode & CRYPTO_LOCK)
+        opensslLocks[type].lock();
+    else
+        opensslLocks[type].unlock();
+}
+
+
 static void sigHandler(int signo) { }
 
 
@@ -89,6 +105,10 @@ void initNix()
     std::cerr.rdbuf()->pubsetbuf(buf, sizeof(buf));
 #endif
 
+    /* Initialise OpenSSL locking. */
+    opensslLocks = std::vector<std::mutex>(CRYPTO_num_locks());
+    CRYPTO_set_locking_callback(opensslLockCallback);
+
     loadConfFile();
 
     startSignalHandlerThread();
diff --git a/src/libutil/hash.cc b/src/libutil/hash.cc
index 362c537fe..1c14ebb18 100644
--- a/src/libutil/hash.cc
+++ b/src/libutil/hash.cc
@@ -13,10 +13,6 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 
-#if OPENSSL_VERSION_NUMBER < 0x10101000L
-#error "Unsupported version of OpenSSL, you need at least 1.1.1"
-#endif
-
 namespace nix {