diff --git a/CHANGES b/CHANGES
index c3f686702a..0f17f26561 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+4383.	[bug]		OPENSSL_config is no longer re-callable. [RT #41348]
+
 4281.	[bug]		Teach dns_message_totext about BADCOOKIE. [RT #41257]
 
 4280.	[performance]	Use optimal message sizes to improve compression
diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
index 6a52b31edd..25981e1949 100644
--- a/lib/dns/openssl_link.c
+++ b/lib/dns/openssl_link.c
@@ -206,7 +206,16 @@ dst__openssl_init(const char *engine) {
 	rm->status = entropy_status;
 
 #ifdef USE_ENGINE
-	OPENSSL_config(NULL);
+	/*
+	 * OPENSSL_config() can only be called a single time as of
+	 * 1.0.2e so do the steps individually.
+	 */
+	OPENSSL_load_builtin_modules();
+	ENGINE_load_builtin_engines();
+	ERR_clear_error();
+	CONF_modules_load_file(NULL, NULL,
+			       CONF_MFLAGS_DEFAULT_SECTION |
+			       CONF_MFLAGS_IGNORE_MISSING_FILE);
 
 	if (engine != NULL && *engine == '\0')
 		engine = NULL;