diff --git a/lfs/openssl b/lfs/openssl
index 7a39f14de..71f2bc826 100644
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -24,7 +24,7 @@
 include Config
-VER = 1.1.0g
+VER = 1.1.0h
 THISAPP = openssl-$(VER)
 DL_FILE = $(THISAPP).tar.gz
@@ -51,8 +51,6 @@ CONFIGURE_OPTIONS = \
 enable-md2 \
 enable-seed \
 enable-rfc3779 \
- enable-ssl3 \
- enable-ssl3-method \
 no-idea \
 no-mdc2 \
 no-rc5 \
@@ -89,7 +87,7 @@ objects = $(DL_FILE)
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = ba5f1b8b835b88cadbce9b35ed9531a6
+$(DL_FILE)_MD5 = 5271477e4d93f4ea032b665ef095ff24
 install : $(TARGET)
@@ -119,7 +117,6 @@ $(subst %,%_MD5,$(objects)) :
 $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 @$(PREBUILD)
 @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
- cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.1.0-disable-ssl3.patch
 cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.1.0g-weak-ciphers.patch
 # Apply our CFLAGS
diff --git a/src/patches/openssl-1.1.0-disable-ssl3.patch b/src/patches/openssl-1.1.0-disable-ssl3.patch
deleted file mode 100644
index 267c02c62..000000000
--- a/src/patches/openssl-1.1.0-disable-ssl3.patch
+++ /dev/null
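Review bot: The new tarball is still pinned only by an MD5 digest, at `$(DL_FILE)_MD5` in the `@@ -89,7 +87,7 @@` hunk of lfs/openssl. MD5 is no longer collision-resistant, so it is a weak basis for pinning a source archive; it reliably catches a corrupted download but gives less assurance about provenance than a SHA-256 digest or a signature check. I would verify the archive against the SHA-256 file or PGP signature that upstream publishes before committing the new value, and record that next to it with a comment such as `# MD5 catches corruption only; tarball verified against upstream .sha256/.asc`. Whether the lfs framework accepts a stronger digest variable is not visible in this diff; if it does, pin that alongside.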
@@ -1,86 +0,0 @@
-diff -up openssl-1.1.0f/apps/s_client.c.disable-ssl3 openssl-1.1.0f/apps/s_client.c
---- openssl-1.1.0f/apps/s_client.c.disable-ssl3 2017-06-05 15:42:44.838853312 +0200
-+++ openssl-1.1.0f/apps/s_client.c 2017-07-17 14:50:06.468821871 +0200
-@@ -1486,6 +1486,9 @@ int s_client_main(int argc, char **argv)
- if (sdebug)
- ssl_ctx_security_debug(ctx, sdebug);
-
-+ if (min_version == SSL3_VERSION && max_version == SSL3_VERSION)
-+ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
-+
- if (ssl_config) {
- if (SSL_CTX_config(ctx, ssl_config) == 0) {
- BIO_printf(bio_err, "Error using configuration \"%s\"\n",
-diff -up openssl-1.1.0f/apps/s_server.c.disable-ssl3 openssl-1.1.0f/apps/s_server.c
---- openssl-1.1.0f/apps/s_server.c.disable-ssl3 2017-05-25 14:46:18.000000000 +0200
-+++ openssl-1.1.0f/apps/s_server.c 2017-07-17 14:49:50.434447583 +0200
-@@ -1614,6 +1614,10 @@ int s_server_main(int argc, char *argv[]
- }
- if (sdebug)
- ssl_ctx_security_debug(ctx, sdebug);
-+
-+ if (min_version == SSL3_VERSION && max_version == SSL3_VERSION)
-+ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
-+
- if (ssl_config) {
- if (SSL_CTX_config(ctx, ssl_config) == 0) {
- BIO_printf(bio_err, "Error using configuration \"%s\"\n",
-diff -up openssl-1.1.0/ssl/ssl_lib.c.disable-ssl3 openssl-1.1.0/ssl/ssl_lib.c
---- openssl-1.1.0/ssl/ssl_lib.c.disable-ssl3 2016-08-25 17:29:22.000000000 +0200
-+++ openssl-1.1.0/ssl/ssl_lib.c 2016-09-08 11:08:05.252082263 +0200
-@@ -2470,6 +2470,13 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
- * or by using the SSL_CONF library.
- */
- ret->options |= SSL_OP_NO_COMPRESSION;
-+ /*
-+ * Disable SSLv3 by default. Applications can
-+ * re-enable it by configuring
-+ * SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
-+ * or by using the SSL_CONF library.
-+ */
-+ ret->options |= SSL_OP_NO_SSLv3;
-
- ret->tlsext_status_type = -1;
-
-diff -up openssl-1.1.0/test/ssl_test.c.disable-ssl3 openssl-1.1.0/test/ssl_test.c
---- openssl-1.1.0/test/ssl_test.c.disable-ssl3 2016-09-08 11:08:05.252082263 +0200
-+++ openssl-1.1.0/test/ssl_test.c 2016-09-08 11:11:44.802005886 +0200
-@@ -258,6 +258,7 @@ static int execute_test(SSL_TEST_FIXTURE
- SSL_TEST_SERVERNAME_CB_NONE) {
- server2_ctx = SSL_CTX_new(TLS_server_method());
- TEST_check(server2_ctx != NULL);
-+ SSL_CTX_clear_options(server2_ctx, SSL_OP_NO_SSLv3);
- }
- client_ctx = SSL_CTX_new(TLS_client_method());
-
-@@ -266,11 +267,15 @@ static int execute_test(SSL_TEST_FIXTURE
- resume_client_ctx = SSL_CTX_new(TLS_client_method());
- TEST_check(resume_server_ctx != NULL);
- TEST_check(resume_client_ctx != NULL);
-+ SSL_CTX_clear_options(resume_server_ctx, SSL_OP_NO_SSLv3);
-+ SSL_CTX_clear_options(resume_client_ctx, SSL_OP_NO_SSLv3);
- }
- }
-
- TEST_check(server_ctx != NULL);
- TEST_check(client_ctx != NULL);
-+ SSL_CTX_clear_options(server_ctx, SSL_OP_NO_SSLv3);
-+ SSL_CTX_clear_options(client_ctx, SSL_OP_NO_SSLv3);
-
- TEST_check(CONF_modules_load(conf, fixture.test_app, 0) > 0);
-
-diff -up openssl-1.1.0/test/ssltest_old.c.disable-ssl3 openssl-1.1.0/test/ssltest_old.c
---- openssl-1.1.0/test/ssltest_old.c.disable-ssl3 2016-08-25 17:29:23.000000000 +0200
-+++ openssl-1.1.0/test/ssltest_old.c 2016-09-08 11:08:05.253082286 +0200
-@@ -1456,6 +1456,11 @@ int main(int argc, char *argv[])
- ERR_print_errors(bio_err);
- goto end;
- }
-+
-+ SSL_CTX_clear_options(c_ctx, SSL_OP_NO_SSLv3);
-+ SSL_CTX_clear_options(s_ctx, SSL_OP_NO_SSLv3);
-+ SSL_CTX_clear_options(s_ctx2, SSL_OP_NO_SSLv3);
-+
- /*
- * Since we will use low security ciphersuites and keys for testing set
- * security level to zero by default. Tests can override this by adding