diff --git a/debian/patches/series b/debian/patches/series
index e3aa8423a..b8bc2b7a8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -14,6 +14,7 @@ upstream/0016-sanity-reset-proxy_require-hdr-parsed-field-after-fr.patch
 upstream/0017-pua_reginfo-fix-memory-leak-when-usrloc-is-DB_ONLY.patch
 upstream/0018-usrloc-fix-ucontact-shared-leak.patch
 upstream/0019-presence-remove-transaction-creation-from-publ_notif.patch
+upstream/0037-tls-do-kerberos-and-zlib-init-checks-only-for-libssl.patch
 # upsream fixes from master
 upstream/pv-new-function-pv_evalx-dst-fmt.patch
 upstream/pv_trans_cfg_line.patch
diff --git a/debian/patches/upstream/0037-tls-do-kerberos-and-zlib-init-checks-only-for-libssl.patch b/debian/patches/upstream/0037-tls-do-kerberos-and-zlib-init-checks-only-for-libssl.patch
new file mode 100644
index 000000000..92550a867
--- /dev/null
+++ b/debian/patches/upstream/0037-tls-do-kerberos-and-zlib-init-checks-only-for-libssl.patch
@@ -0,0 +1,57 @@
+From 406c02f7b76ada56d6e1f73e763fecb05c1f51c5 Mon Sep 17 00:00:00 2001
+From: Daniel-Constantin Mierla <miconda@gmail.com>
+Date: Fri, 31 Mar 2017 12:56:52 +0200
+Subject: [PATCH] tls: do kerberos and zlib init checks only for libssl < 1.1.0
+
+- using string matching inside libssl compile flags is no longer
+  reliable
+- reported by GH #1050
+
+(cherry picked from commit e59fa823b7b9513d3d1adb958d5e8ec055082d83)
+(cherry picked from commit b12ac4ea9efae41b83a2664ea4f25b1d59bc2032)
+---
+ modules/tls/tls_init.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/modules/tls/tls_init.c b/modules/tls/tls_init.c
+index af2d4c54e..133bc7fc8 100644
+--- a/modules/tls/tls_init.c
++++ b/modules/tls/tls_init.c
+@@ -563,11 +563,13 @@ int init_tls_h(void)
+ {
+ 	/*struct socket_info* si;*/
+ 	long ssl_version;
++#if OPENSSL_VERSION_NUMBER < 0x010100000L
+ 	int lib_kerberos;
+ 	int lib_zlib;
+ 	int kerberos_support;
+ 	int comp_support;
+ 	const char* lib_cflags;
++#endif
+ 	int low_mem_threshold1;
+ 	int low_mem_threshold2;
+ 	str tls_grp;
+@@ -603,6 +605,10 @@ int init_tls_h(void)
+ 		else
+ 			return -1; /* safer to exit */
+ 	}
++
++/* check kerberos support using compile flags only for version < 1.1.0 */
++#if OPENSSL_VERSION_NUMBER < 0x010100000L
++
+ #ifdef TLS_KERBEROS_SUPPORT
+ 	kerberos_support=1;
+ #else
+@@ -672,6 +678,9 @@ int init_tls_h(void)
+ 			" kerberos support will be disabled...\n");
+ 	}
+ 	#endif
++
++#endif /* libssl version < 1.1.0 (OPENSSL_VERSION_NUMBER < 0x010100000L) */
++
+ 	/* set free memory threshold for openssl bug #1491 workaround */
+ 	low_mem_threshold1 = cfg_get(tls, tls_cfg, low_mem_threshold1);
+ 	low_mem_threshold2 = cfg_get(tls, tls_cfg, low_mem_threshold2);
+-- 
+2.11.0
+