diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake
index 677c98b4..07c53c73 100644
--- a/ConfigureChecks.cmake
+++ b/ConfigureChecks.cmake
@@ -120,6 +120,10 @@ if (OPENSSL_FOUND)
     set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
     check_function_exists(EVP_CIPHER_CTX_new HAVE_OPENSSL_EVP_CIPHER_CTX_NEW)
 
+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
+    check_function_exists(RAND_priv_bytes HAVE_OPENSSL_RAND_PRIV_BYTES)
+
     unset(CMAKE_REQUIRED_INCLUDES)
     unset(CMAKE_REQUIRED_LIBRARIES)
 endif()
diff --git a/src/libcrypto.c b/src/libcrypto.c
index 46570294..846e37e1 100644
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@@ -93,7 +93,14 @@ void ssh_reseed(void){
  */
 int ssh_get_random(void *where, int len, int strong)
 {
+#ifdef HAVE_OPENSSL_RAND_PRIV_BYTES
+    if (strong) {
+        /* Returns -1 when not supported, 0 on error, 1 on success */
+        return !!RAND_priv_bytes(where, len);
+    }
+#else
     (void)strong;
+#endif /* HAVE_RAND_PRIV_BYTES */
 
     /* Returns -1 when not supported, 0 on error, 1 on success */
     return !!RAND_bytes(where, len);