--- Modules/_ssl.c.orig	2014-03-09 09:40:26.000000000 +0100
+++ Modules/_ssl.c	2015-09-26 15:53:49.266985391 +0200
@@ -1746,8 +1746,10 @@ context_new(PyTypeObject *type, PyObject
     PySSL_BEGIN_ALLOW_THREADS
     if (proto_version == PY_SSL_VERSION_TLS1)
         ctx = SSL_CTX_new(TLSv1_method());
+#ifndef OPENSSL_NO_SSL3
     else if (proto_version == PY_SSL_VERSION_SSL3)
         ctx = SSL_CTX_new(SSLv3_method());
+#endif
 #ifndef OPENSSL_NO_SSL2
     else if (proto_version == PY_SSL_VERSION_SSL2)
         ctx = SSL_CTX_new(SSLv2_method());
@@ -2559,6 +2561,9 @@ Returns 1 if the OpenSSL PRNG has been s
 It is necessary to seed the PRNG with RAND_add() on some platforms before\n\
 using the ssl() function.");
 
+/* ### Fix build with LibreSSL (does not have RAND_egd)
+   ### PR195511, http://bugs.python.org/issue21356 */
+#ifndef OPENSSL_NO_EGD
 static PyObject *
 PySSL_RAND_egd(PyObject *self, PyObject *args)
 {
@@ -2586,6 +2591,8 @@ PyDoc_STRVAR(PySSL_RAND_egd_doc,
 Queries the entropy gather daemon (EGD) on the socket named by 'path'.\n\
 Returns number of bytes read.  Raises SSLError if connection to EGD\n\
 fails or if it does not provide enough data to seed PRNG.");
+#endif /* OPENSSL_NO_EGD */
+/* ### End PR195511  */
 
 #endif /* HAVE_OPENSSL_RAND */
 
@@ -2604,8 +2611,13 @@ static PyMethodDef PySSL_methods[] = {
      PySSL_RAND_bytes_doc},
     {"RAND_pseudo_bytes",   PySSL_RAND_pseudo_bytes, METH_VARARGS,
      PySSL_RAND_pseudo_bytes_doc},
+/* ### Fix build with LibreSSL (does not have RAND_egd)
+   ### PR195511, http://bugs.python.org/issue21356 */
+#ifndef OPENSSL_NO_EGD
     {"RAND_egd",            PySSL_RAND_egd, METH_VARARGS,
      PySSL_RAND_egd_doc},
+#endif /* OPENSSL_NO_EGD */
+/* ### End PR195511  */
     {"RAND_status",         (PyCFunction)PySSL_RAND_status, METH_NOARGS,
      PySSL_RAND_status_doc},
 #endif
@@ -2842,8 +2854,10 @@ PyInit__ssl(void)
     PyModule_AddIntConstant(m, "PROTOCOL_SSLv2",
                             PY_SSL_VERSION_SSL2);
 #endif
+#ifndef OPENSSL_NO_SSL3
     PyModule_AddIntConstant(m, "PROTOCOL_SSLv3",
                             PY_SSL_VERSION_SSL3);
+#endif
     PyModule_AddIntConstant(m, "PROTOCOL_SSLv23",
                             PY_SSL_VERSION_SSL23);
     PyModule_AddIntConstant(m, "PROTOCOL_TLSv1",
--- Lib/ssl.py.orig	2014-03-09 09:40:13.000000000 +0100
+++ Lib/ssl.py	2015-09-26 15:55:40.209981202 +0200
@@ -78,7 +78,15 @@ try:
     from _ssl import OP_SINGLE_ECDH_USE
 except ImportError:
     pass
-from _ssl import RAND_status, RAND_egd, RAND_add, RAND_bytes, RAND_pseudo_bytes
+### Fix build with LibreSSL (does not have RAND_egd)
+### PR195511, http://bugs.python.org/issue21356
+from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes
+try:
+    from _ssl import RAND_egd
+except ImportError:
+    # LibreSSL does not provide RAND_egd
+    pass
+### End PR195511
 from _ssl import (
     SSL_ERROR_ZERO_RETURN,
     SSL_ERROR_WANT_READ,
@@ -91,14 +99,13 @@ from _ssl import (
     SSL_ERROR_INVALID_ERROR_CODE,
     )
 from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN
-from _ssl import (PROTOCOL_SSLv3, PROTOCOL_SSLv23,
+from _ssl import (PROTOCOL_SSLv23,
                   PROTOCOL_TLSv1)
 from _ssl import _OPENSSL_API_VERSION
 
 _PROTOCOL_NAMES = {
     PROTOCOL_TLSv1: "TLSv1",
     PROTOCOL_SSLv23: "SSLv23",
-    PROTOCOL_SSLv3: "SSLv3",
 }
 try:
     from _ssl import PROTOCOL_SSLv2
@@ -107,6 +114,13 @@ except ImportError:
     _SSLv2_IF_EXISTS = None
 else:
     _PROTOCOL_NAMES[PROTOCOL_SSLv2] = "SSLv2"
+try:
+    from _ssl import PROTOCOL_SSLv3
+    _SSLv3_IF_EXISTS = PROTOCOL_SSLv3
+except ImportError:
+    _SSLv3_IF_EXISTS = None
+else:
+    _PROTOCOL_NAMES[PROTOCOL_SSLv3] = "SSLv3"
 
 from socket import getnameinfo as _getnameinfo
 from socket import error as socket_error
@@ -664,7 +678,7 @@ def PEM_cert_to_DER_cert(pem_cert_string
     d = pem_cert_string.strip()[len(PEM_HEADER):-len(PEM_FOOTER)]
     return base64.decodebytes(d.encode('ASCII', 'strict'))
 
-def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
+def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv23, ca_certs=None):
     """Retrieve the certificate from the server at the specified address,
     and return it as a PEM-encoded string.
     If 'ca_certs' is specified, validate the server cert against it.
--- Lib/test/test_ssl.py.orig	2014-03-09 09:40:19.000000000 +0100
+++ Lib/test/test_ssl.py	2015-09-26 15:58:58.264964564 +0200
@@ -21,11 +21,12 @@ import functools
 ssl = support.import_module("ssl")
 
 PROTOCOLS = [
-    ssl.PROTOCOL_SSLv3,
     ssl.PROTOCOL_SSLv23, ssl.PROTOCOL_TLSv1
 ]
 if hasattr(ssl, 'PROTOCOL_SSLv2'):
     PROTOCOLS.append(ssl.PROTOCOL_SSLv2)
+if hasattr(ssl, 'PROTOCOL_SSLv3'):
+    PROTOCOLS.append(ssl.PROTOCOL_SSLv3)
 
 HOST = support.HOST
 
@@ -96,7 +97,8 @@ class BasicSocketTests(unittest.TestCase
     def test_constants(self):
         #ssl.PROTOCOL_SSLv2
         ssl.PROTOCOL_SSLv23
-        ssl.PROTOCOL_SSLv3
+        if hasattr(ssl, 'PROTOCOL_SSLv3'):
+            ssl.PROTOCOL_SSLv3
         ssl.PROTOCOL_TLSv1
         ssl.CERT_NONE
         ssl.CERT_OPTIONAL
@@ -130,8 +132,12 @@ class BasicSocketTests(unittest.TestCase
         self.assertRaises(ValueError, ssl.RAND_bytes, -5)
         self.assertRaises(ValueError, ssl.RAND_pseudo_bytes, -5)
 
-        self.assertRaises(TypeError, ssl.RAND_egd, 1)
-        self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)
+### Fix build with LibreSSL (does not have RAND_egd)
+### PR195511, http://bugs.python.org/issue21356        
+        if hasattr(ssl, 'RAND_egd'):
+            self.assertRaises(TypeError, ssl.RAND_egd, 1)
+            self.assertRaises(TypeError, ssl.RAND_egd, 'foo', 1)
+### End PR195511
         ssl.RAND_add("this is a random string", 75.0)
 
     @unittest.skipUnless(os.name == 'posix', 'requires posix')
@@ -512,7 +518,8 @@ class ContextTests(unittest.TestCase):
         if hasattr(ssl, 'PROTOCOL_SSLv2'):
             ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv2)
         ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
-        ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv3)
+        if hasattr(ssl, 'PROTOCOL_SSLv3'):
+            ctx = ssl.SSLContext(ssl.PROTOCOL_SSLv3)
         ctx = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
         self.assertRaises(TypeError, ssl.SSLContext)
         self.assertRaises(ValueError, ssl.SSLContext, -1)
