diff --git a/Misc/NEWS.d/next/Library/2021-04-10-11-35-50.bpo-43799.1iV4pX.rst b/Misc/NEWS.d/next/Library/2021-04-10-11-35-50.bpo-43799.1iV4pX.rst
new file mode 100644
index 0000000000000000000000000000000000000000..ecffd1162e0e47abf0b557ccdade693ef3c11ef2_TWlzYy9ORVdTLmQvbmV4dC9MaWJyYXJ5LzIwMjEtMDQtMTAtMTEtMzUtNTAuYnBvLTQzNzk5LjFpVjRwWC5yc3Q=
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2021-04-10-11-35-50.bpo-43799.1iV4pX.rst
@@ -0,0 +1,2 @@
+OpenSSL 3.0.0: define ``OPENSSL_API_COMPAT`` 1.1.1 to suppress deprecation
+warnings. Python requires OpenSSL 1.1.1 APIs.
diff --git a/Modules/_hashopenssl.c b/Modules/_hashopenssl.c
index d815cc066df80d44e6e30ddc243cfe0586e21c1c_TW9kdWxlcy9faGFzaG9wZW5zc2wuYw==..ecffd1162e0e47abf0b557ccdade693ef3c11ef2_TW9kdWxlcy9faGFzaG9wZW5zc2wuYw== 100644
--- a/Modules/_hashopenssl.c
+++ b/Modules/_hashopenssl.c
@@ -11,9 +11,16 @@
  *
  */
 
+/* Don't warn about deprecated functions, */
+#ifndef OPENSSL_API_COMPAT
+  // 0x10101000L == 1.1.1, 30000 == 3.0.0
+  #define OPENSSL_API_COMPAT 0x10101000L
+#endif
+#define OPENSSL_NO_DEPRECATED 1
+
 #define PY_SSIZE_T_CLEAN
 
 #include "Python.h"
 #include "hashlib.h"
 #include "pystrhex.h"
 
@@ -14,13 +21,12 @@
 #define PY_SSIZE_T_CLEAN
 
 #include "Python.h"
 #include "hashlib.h"
 #include "pystrhex.h"
 
-
 /* EVP is the preferred interface to hashing in OpenSSL */
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include <openssl/crypto.h>
 /* We use the object interface to discover what hashes OpenSSL supports. */
 #include <openssl/objects.h>
@@ -21,10 +27,10 @@
 /* EVP is the preferred interface to hashing in OpenSSL */
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
 #include <openssl/crypto.h>
 /* We use the object interface to discover what hashes OpenSSL supports. */
 #include <openssl/objects.h>
-#include "openssl/err.h"
+#include <openssl/err.h>
 
 #include <openssl/crypto.h>       // FIPS_mode()
 
@@ -1862,5 +1868,4 @@
 /*[clinic end generated code: output=87eece1bab4d3fa9 input=2db61538c41c6fef]*/
 
 {
-    int result;
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
@@ -1866,4 +1871,4 @@
 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
-    result = EVP_default_properties_is_fips_enabled(NULL);
+    return EVP_default_properties_is_fips_enabled(NULL);
 #else
     ERR_clear_error();
@@ -1868,6 +1873,6 @@
 #else
     ERR_clear_error();
-    result = FIPS_mode();
+    int result = FIPS_mode();
     if (result == 0) {
         // "If the library was built without support of the FIPS Object Module,
         // then the function will return 0 with an error code of
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index d815cc066df80d44e6e30ddc243cfe0586e21c1c_TW9kdWxlcy9fc3NsLmM=..ecffd1162e0e47abf0b557ccdade693ef3c11ef2_TW9kdWxlcy9fc3NsLmM= 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -14,6 +14,13 @@
        http://bugs.python.org/issue8108#msg102867 ?
 */
 
+/* Don't warn about deprecated functions, */
+#ifndef OPENSSL_API_COMPAT
+  // 0x10101000L == 1.1.1, 30000 == 3.0.0
+  #define OPENSSL_API_COMPAT 0x10101000L
+#endif
+#define OPENSSL_NO_DEPRECATED 1
+
 #define PY_SSIZE_T_CLEAN
 
 #include "Python.h"
@@ -43,14 +50,6 @@
 #include <sys/poll.h>
 #endif
 
-/* Don't warn about deprecated functions */
-#ifdef __GNUC__
-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
-#endif
-#ifdef __clang__
-#pragma clang diagnostic ignored "-Wdeprecated-declarations"
-#endif
-
 /* Include OpenSSL header files */
 #include "openssl/rsa.h"
 #include "openssl/crypto.h"
@@ -148,9 +147,8 @@
 #  define PY_OPENSSL_1_1_API 1
 #endif
 
-/* OpenSSL API compat */
-#ifdef OPENSSL_API_COMPAT
-#if OPENSSL_API_COMPAT >= 0x10100000L
-
-/* OpenSSL API 1.1.0+ does not include version methods */
+/* OpenSSL API 1.1.0+ does not include version methods. Define the methods
+ * unless OpenSSL is compiled without the methods. It's the easiest way to
+ * make 1.0.2, 1.1.0, 1.1.1, and 3.0.0 happy without deprecation warnings.
+ */
 #ifndef OPENSSL_NO_TLS1_METHOD
@@ -156,4 +154,4 @@
 #ifndef OPENSSL_NO_TLS1_METHOD
-#define OPENSSL_NO_TLS1_METHOD 1
+extern const SSL_METHOD *TLSv1_method(void);
 #endif
 #ifndef OPENSSL_NO_TLS1_1_METHOD
@@ -158,5 +156,5 @@
 #endif
 #ifndef OPENSSL_NO_TLS1_1_METHOD
-#define OPENSSL_NO_TLS1_1_METHOD 1
+extern const SSL_METHOD *TLSv1_1_method(void);
 #endif
 #ifndef OPENSSL_NO_TLS1_2_METHOD
@@ -161,5 +159,5 @@
 #endif
 #ifndef OPENSSL_NO_TLS1_2_METHOD
-#define OPENSSL_NO_TLS1_2_METHOD 1
+extern const SSL_METHOD *TLSv1_2_method(void);
 #endif
 
@@ -164,8 +162,5 @@
 #endif
 
-#endif /* >= 1.1.0 compcat */
-#endif /* OPENSSL_API_COMPAT */
-
 /* LibreSSL 2.7.0 provides necessary OpenSSL 1.1.0 APIs */
 #if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL
 #  define PY_OPENSSL_1_1_API 1