@@ -292,22 +292,24 @@
 	type = "Handshake";
 	break;
     case SSL3_RT_APPLICATION_DATA:
 	type = "App Data";
 	break;
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
     case DTLS1_RT_HEARTBEAT:
 	type = "Heartbeat";
 	break;
+#endif
     default:
 	type = "unknown";
     }
 
     /* Needs compile time option "enable-ssl-trace". */
     if ((bio = BIO_new(BIO_s_mem())) != NULL) {
 	int n;
 	SSL_trace(write_p, version, content_type, buf, len, ssl, (void *)bio);
-	n = BIO_read(bio, buffer, min(BIO_pending(bio), 14999));
+	n = BIO_read(bio, buffer, BIO_pending(bio) < 15000 ? BIO_pending(bio) : 14999);
 	n = (n<0) ? 0 : n;
 	buffer[n] = 0;
 	(void)BIO_flush(bio);
 	BIO_free(bio);
    }
@@ -590,11 +592,11 @@
  *	1 = success where app retains session in session cache, and must call SSL_SESSION_free() when done.
  *
  *-------------------------------------------------------------------
  */
 static int
-SessionCallback(const SSL *ssl, SSL_SESSION *session) {
+SessionCallback(SSL *ssl, SSL_SESSION *session) {
     State *statePtr = (State*)SSL_get_app_data((SSL *)ssl);
     Tcl_Interp *interp	= statePtr->interp;
     Tcl_Obj *cmdPtr;
     const unsigned char *ticket;
     const unsigned char *session_id;
@@ -657,11 +659,11 @@
  *	    protocols are configured for this connection. The connection continues.
  *
  *-------------------------------------------------------------------
  */
 static int
-ALPNCallback(const SSL *ssl, const unsigned char **out, unsigned char *outlen,
+ALPNCallback(SSL *ssl, const unsigned char **out, unsigned char *outlen,
 	const unsigned char *in, unsigned int inlen, void *arg) {
     State *statePtr = (State*)arg;
     Tcl_Interp *interp	= statePtr->interp;
     Tcl_Obj *cmdPtr;
     int code, res;
@@ -671,11 +673,11 @@
     if (ssl == NULL || arg == NULL) {
 	return SSL_TLSEXT_ERR_NOACK;
     }
 
     /* Select protocol */
-    if (SSL_select_next_proto(out, outlen, statePtr->protos, statePtr->protos_len,
+    if (SSL_select_next_proto((unsigned char **) out, outlen, statePtr->protos, statePtr->protos_len,
 	in, inlen) == OPENSSL_NPN_NEGOTIATED) {
 	/* Match found */
 	res = SSL_TLSEXT_ERR_OK;
     } else {
 	/* OPENSSL_NPN_NO_OVERLAP = No overlap, so use first item from client protocol list */
@@ -689,11 +691,11 @@
     /* Create command to eval */
     cmdPtr = Tcl_DuplicateObj(statePtr->vcmd);
     Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj("alpn", -1));
     Tcl_ListObjAppendElement(interp, cmdPtr,
 	    Tcl_NewStringObj(Tcl_GetChannelName(statePtr->self), -1));
-    Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj(*out, -1));
+    Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewStringObj((const char *) *out, -1));
     Tcl_ListObjAppendElement(interp, cmdPtr, Tcl_NewBooleanObj(res == SSL_TLSEXT_ERR_OK));
 
     /* Eval callback command */
     Tcl_IncrRefCount(cmdPtr);
     if ((code = EvalCallback(interp, statePtr, cmdPtr)) > 1) {
@@ -779,11 +781,11 @@
 SNICallback(const SSL *ssl, int *alert, void *arg) {
     State *statePtr = (State*)arg;
     Tcl_Interp *interp	= statePtr->interp;
     Tcl_Obj *cmdPtr;
     int code, res;
-    char *servername = NULL;
+    const char *servername = NULL;
 
     dprintf("Called");
 
     if (ssl == NULL || arg == NULL) {
 	return SSL_TLSEXT_ERR_NOACK;
@@ -846,11 +848,11 @@
  *	SSL_CLIENT_HELLO_SUCCESS: success
  *
  *-------------------------------------------------------------------
  */
 static int
-HelloCallback(const SSL *ssl, int *alert, void *arg) {
+HelloCallback(SSL *ssl, int *alert, void *arg) {
     State *statePtr = (State*)arg;
     Tcl_Interp *interp	= statePtr->interp;
     Tcl_Obj *cmdPtr;
     int code, res;
     const char *servername;
@@ -2222,11 +2224,11 @@
 
 	/* Get protocol */
 	LAPPEND_STR(interp, objPtr, "protocol", SSL_get_version(ssl), -1);
 
 	/* Renegotiation allowed */
-	LAPPEND_BOOL(interp, objPtr, "renegotiation_allowed", SSL_get_secure_renegotiation_support(ssl));
+	LAPPEND_BOOL(interp, objPtr, "renegotiation_allowed", SSL_get_secure_renegotiation_support((SSL *) ssl));
 
 	/* Get security level */
 	LAPPEND_INT(interp, objPtr, "security_level", SSL_get_security_level(ssl));
 
 	/* Session info */
@@ -2295,11 +2297,11 @@
     if (session != NULL) {
 	const unsigned char *ticket;
 	size_t len2;
 	unsigned int ulen;
 	const unsigned char *session_id, *proto;
-	char buffer[SSL_MAX_MASTER_KEY_LENGTH];
+	unsigned char buffer[SSL_MAX_MASTER_KEY_LENGTH];
 
 	/* Report the selected protocol as a result of the ALPN negotiation */
 	SSL_SESSION_get0_alpn_selected(session, &proto, &len2);
 	LAPPEND_STR(interp, objPtr, "alpn", (char *) proto, (Tcl_Size) len2);
 
@@ -2332,12 +2334,14 @@
 
 	/* Session ticket lifetime hint (in seconds) */
 	LAPPEND_LONG(interp, objPtr, "lifetime", SSL_SESSION_get_ticket_lifetime_hint(session));
 
 	/* Ticket app data */
-	SSL_SESSION_get0_ticket_appdata(session, &ticket, &len2);
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
+	SSL_SESSION_get0_ticket_appdata((SSL_SESSION *) session, &ticket, &len2);
 	LAPPEND_BARRAY(interp, objPtr, "ticket_app_data", ticket, (Tcl_Size) len2);
+#endif
 
 	/* Get master key */
 	len2 = SSL_SESSION_get_master_key(session, buffer, SSL_MAX_MASTER_KEY_LENGTH);
 	LAPPEND_BARRAY(interp, objPtr, "master_key", buffer, (Tcl_Size) len2);