diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake
index c0cce91b..3bc9edca 100644
--- a/ConfigureChecks.cmake
+++ b/ConfigureChecks.cmake
@@ -100,22 +100,6 @@ if (OPENSSL_FOUND)
     set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
     check_include_file(openssl/ecdsa.h HAVE_OPENSSL_ECDSA_H)
 
-    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
-    check_function_exists(EVP_aes_128_ctr HAVE_OPENSSL_EVP_AES_CTR)
-
-    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
-    check_function_exists(EVP_aes_128_cbc HAVE_OPENSSL_EVP_AES_CBC)
-
-    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
-    check_function_exists(EVP_aes_128_gcm HAVE_OPENSSL_EVP_AES_GCM)
-
-    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
-    check_function_exists(CRYPTO_ctr128_encrypt HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT)
-
     set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
     set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARIES})
     check_function_exists(EVP_KDF_CTX_new_id HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID)
diff --git a/config.h.cmake b/config.h.cmake
index 12e0b73f..34690304 100644
--- a/config.h.cmake
+++ b/config.h.cmake
@@ -111,21 +111,9 @@
 
 /*************************** FUNCTIONS ***************************/
 
-/* Define to 1 if you have the `EVP_aes128_ctr' function. */
-#cmakedefine HAVE_OPENSSL_EVP_AES_CTR 1
-
-/* Define to 1 if you have the `EVP_aes128_cbc' function. */
-#cmakedefine HAVE_OPENSSL_EVP_AES_CBC 1
-
-/* Define to 1 if you have the `EVP_aes128_gcm' function. */
-#cmakedefine HAVE_OPENSSL_EVP_AES_GCM 1
-
 /* Define to 1 if you have the `EVP_chacha20' function. */
 #cmakedefine HAVE_OPENSSL_EVP_CHACHA20 1
 
-/* Define to 1 if you have the `CRYPTO_ctr128_encrypt' function. */
-#cmakedefine HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT 1
-
 /* Define to 1 if you have the `EVP_KDF_CTX_new_id' function. */
 #cmakedefine HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID 1
 
diff --git a/src/kex.c b/src/kex.c
index 98558e97..d2ee93ba 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -75,11 +75,7 @@
 
 #elif defined(HAVE_LIBCRYPTO)
 # ifdef HAVE_OPENSSL_AES_H
-#  ifdef HAVE_OPENSSL_EVP_AES_GCM
-#   define GCM "aes256-gcm@openssh.com,aes128-gcm@openssh.com,"
-#  else
-#   define GCM ""
-#  endif /* HAVE_OPENSSL_EVP_AES_GCM */
+#  define GCM "aes256-gcm@openssh.com,aes128-gcm@openssh.com,"
 #  define AES GCM "aes256-ctr,aes192-ctr,aes128-ctr,"
 #  define AES_CBC "aes256-cbc,aes192-cbc,aes128-cbc,"
 # else /* HAVE_OPENSSL_AES_H */
diff --git a/src/libcrypto.c b/src/libcrypto.c
index b2d5fc93..c5c0eac5 100644
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@@ -71,10 +71,6 @@
 #include <openssl/kdf.h>
 #endif
 
-#ifdef HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT
-#include <openssl/modes.h>
-#endif
-
 #include "libssh/crypto.h"
 
 static int libcrypto_initialized = 0;
@@ -496,7 +492,6 @@ static void evp_cipher_init(struct ssh_cipher_struct *cipher)
     case SSH_AES256_CBC:
         cipher->cipher = EVP_aes_256_cbc();
         break;
-#ifdef HAVE_OPENSSL_EVP_AES_CTR
     case SSH_AES128_CTR:
         cipher->cipher = EVP_aes_128_ctr();
         break;
@@ -506,26 +501,12 @@ static void evp_cipher_init(struct ssh_cipher_struct *cipher)
     case SSH_AES256_CTR:
         cipher->cipher = EVP_aes_256_ctr();
         break;
-#else
-    case SSH_AES128_CTR:
-    case SSH_AES192_CTR:
-    case SSH_AES256_CTR:
-        SSH_LOG(SSH_LOG_WARNING, "This cipher is not available in evp_cipher_init");
-        break;
-#endif
-#ifdef HAVE_OPENSSL_EVP_AES_GCM
     case SSH_AEAD_AES128_GCM:
         cipher->cipher = EVP_aes_128_gcm();
         break;
     case SSH_AEAD_AES256_GCM:
         cipher->cipher = EVP_aes_256_gcm();
         break;
-#else
-    case SSH_AEAD_AES128_GCM:
-    case SSH_AEAD_AES256_GCM:
-        SSH_LOG(SSH_LOG_WARNING, "This cipher is not available in evp_cipher_init");
-        break;
-#endif /* HAVE_OPENSSL_EVP_AES_GCM */
     case SSH_3DES_CBC:
         cipher->cipher = EVP_des_ede3_cbc();
         break;
@@ -557,7 +538,6 @@ static int evp_cipher_set_encrypt_key(struct ssh_cipher_struct *cipher,
         return SSH_ERROR;
     }
 
-#ifdef HAVE_OPENSSL_EVP_AES_GCM
     /* For AES-GCM we need to set IV in specific way */
     if (cipher->ciphertype == SSH_AEAD_AES128_GCM ||
         cipher->ciphertype == SSH_AEAD_AES256_GCM) {
@@ -570,7 +550,6 @@ static int evp_cipher_set_encrypt_key(struct ssh_cipher_struct *cipher,
             return SSH_ERROR;
         }
     }
-#endif /* HAVE_OPENSSL_EVP_AES_GCM */
 
     EVP_CIPHER_CTX_set_padding(cipher->ctx, 0);
 
@@ -589,7 +568,6 @@ static int evp_cipher_set_decrypt_key(struct ssh_cipher_struct *cipher,
         return SSH_ERROR;
     }
 
-#ifdef HAVE_OPENSSL_EVP_AES_GCM
     /* For AES-GCM we need to set IV in specific way */
     if (cipher->ciphertype == SSH_AEAD_AES128_GCM ||
         cipher->ciphertype == SSH_AEAD_AES256_GCM) {
@@ -602,7 +580,6 @@ static int evp_cipher_set_decrypt_key(struct ssh_cipher_struct *cipher,
             return SSH_ERROR;
         }
     }
-#endif /* HAVE_OPENSSL_EVP_AES_GCM */
 
     EVP_CIPHER_CTX_set_padding(cipher->ctx, 0);
 
@@ -668,68 +645,6 @@ static void evp_cipher_cleanup(struct ssh_cipher_struct *cipher) {
     }
 }
 
-#ifndef HAVE_OPENSSL_EVP_AES_CTR
-/* Some OS (osx, OpenIndiana, ...) have no support for CTR ciphers in EVP_aes */
-
-struct ssh_aes_key_schedule {
-    AES_KEY key;
-    uint8_t IV[AES_BLOCK_SIZE];
-};
-
-static int aes_ctr_set_key(struct ssh_cipher_struct *cipher, void *key,
-    void *IV) {
-    int rc;
-
-    if (cipher->aes_key == NULL) {
-        cipher->aes_key = malloc(sizeof (struct ssh_aes_key_schedule));
-    }
-    if (cipher->aes_key == NULL) {
-        return SSH_ERROR;
-    }
-    ZERO_STRUCTP(cipher->aes_key);
-    /* CTR doesn't need a decryption key */
-    rc = AES_set_encrypt_key(key, cipher->keysize, &cipher->aes_key->key);
-    if (rc < 0) {
-        SAFE_FREE(cipher->aes_key);
-        return SSH_ERROR;
-    }
-    memcpy(cipher->aes_key->IV, IV, AES_BLOCK_SIZE);
-    return SSH_OK;
-}
-
-static void
-aes_ctr_encrypt(struct ssh_cipher_struct *cipher,
-                void *in,
-                void *out,
-                size_t len)
-{
-  unsigned char tmp_buffer[AES_BLOCK_SIZE];
-  unsigned int num=0;
-  /* Some things are special with ctr128 :
-   * In this case, tmp_buffer is not being used, because it is used to store temporary data
-   * when an encryption is made on lengths that are not multiple of blocksize.
-   * Same for num, which is being used to store the current offset in blocksize in CTR
-   * function.
-   */
-#ifdef HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT
-  CRYPTO_ctr128_encrypt(in, out, len, &cipher->aes_key->key, cipher->aes_key->IV, tmp_buffer, &num, (block128_f)AES_encrypt);
-#else
-  AES_ctr128_encrypt(in, out, len, &cipher->aes_key->key, cipher->aes_key->IV, tmp_buffer, &num);
-#endif /* HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT */
-}
-
-static void aes_ctr_cleanup(struct ssh_cipher_struct *cipher){
-    if (cipher != NULL) {
-        if (cipher->aes_key != NULL) {
-            explicit_bzero(cipher->aes_key, sizeof(*cipher->aes_key));
-        }
-        SAFE_FREE(cipher->aes_key);
-    }
-}
-
-#endif /* HAVE_OPENSSL_EVP_AES_CTR */
-
-#ifdef HAVE_OPENSSL_EVP_AES_GCM
 static int
 evp_cipher_aead_get_length(struct ssh_cipher_struct *cipher,
                            void *in,
@@ -900,8 +815,6 @@ evp_cipher_aead_decrypt(struct ssh_cipher_struct *cipher,
     return SSH_OK;
 }
 
-#endif /* HAVE_OPENSSL_EVP_AES_GCM */
-
 #if defined(HAVE_OPENSSL_EVP_CHACHA20) && defined(HAVE_OPENSSL_EVP_POLY1305)
 
 struct chacha20_poly1305_keysched {
@@ -1311,7 +1224,6 @@ static struct ssh_cipher_struct ssh_ciphertab[] = {
   },
 #endif
 #ifdef HAS_AES
-#ifdef HAVE_OPENSSL_EVP_AES_CTR
   {
     .name = "aes128-ctr",
     .blocksize = AES_BLOCK_SIZE,
@@ -1345,41 +1257,6 @@ static struct ssh_cipher_struct ssh_ciphertab[] = {
     .decrypt = evp_cipher_decrypt,
     .cleanup = evp_cipher_cleanup
   },
-#else /* HAVE_OPENSSL_EVP_AES_CTR */
-  {
-    .name = "aes128-ctr",
-    .blocksize = AES_BLOCK_SIZE,
-    .ciphertype = SSH_AES128_CTR,
-    .keysize = 128,
-    .set_encrypt_key = aes_ctr_set_key,
-    .set_decrypt_key = aes_ctr_set_key,
-    .encrypt = aes_ctr_encrypt,
-    .decrypt = aes_ctr_encrypt,
-    .cleanup = aes_ctr_cleanup
-  },
-  {
-    .name = "aes192-ctr",
-    .blocksize = AES_BLOCK_SIZE,
-    .ciphertype = SSH_AES192_CTR,
-    .keysize = 192,
-    .set_encrypt_key = aes_ctr_set_key,
-    .set_decrypt_key = aes_ctr_set_key,
-    .encrypt = aes_ctr_encrypt,
-    .decrypt = aes_ctr_encrypt,
-    .cleanup = aes_ctr_cleanup
-  },
-  {
-    .name = "aes256-ctr",
-    .blocksize = AES_BLOCK_SIZE,
-    .ciphertype = SSH_AES256_CTR,
-    .keysize = 256,
-    .set_encrypt_key = aes_ctr_set_key,
-    .set_decrypt_key = aes_ctr_set_key,
-    .encrypt = aes_ctr_encrypt,
-    .decrypt = aes_ctr_encrypt,
-    .cleanup = aes_ctr_cleanup
-  },
-#endif /* HAVE_OPENSSL_EVP_AES_CTR */
   {
     .name = "aes128-cbc",
     .blocksize = AES_BLOCK_SIZE,
@@ -1413,7 +1290,6 @@ static struct ssh_cipher_struct ssh_ciphertab[] = {
     .decrypt = evp_cipher_decrypt,
     .cleanup = evp_cipher_cleanup
   },
-#ifdef HAVE_OPENSSL_EVP_AES_GCM
   {
     .name = "aes128-gcm@openssh.com",
     .blocksize = AES_BLOCK_SIZE,
@@ -1442,7 +1318,6 @@ static struct ssh_cipher_struct ssh_ciphertab[] = {
     .aead_decrypt = evp_cipher_aead_decrypt,
     .cleanup = evp_cipher_cleanup
   },
-#endif /* HAVE_OPENSSL_EVP_AES_GCM */
 #endif /* HAS_AES */
 #ifdef HAS_DES
   {