diff --git a/daemon/remote.c b/daemon/remote.c
index 2058caeb4..fa945439c 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -243,6 +243,9 @@ daemon_remote_create(struct config_file* cfg)
 
 	if (cfg->remote_control_use_cert == 0) {
 		/* No certificates are requested */
+		#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(HAVE_LIBRESSL)
+			SSL_CTX_set_security_level(rc->ctx, 0);
+		#endif
 		if(!SSL_CTX_set_cipher_list(rc->ctx, "aNULL")) {
 			log_crypto_err("Failed to set aNULL cipher list");
 			daemon_remote_delete(rc);
diff --git a/doc/Changelog b/doc/Changelog
index d4088b259..36017abe8 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+3 November 2016: Ralph
+	- Set OpenSSL security level to 0 when using aNULL ciphers.
+
 3 November 2016: Wouter
 	- .gitattributes line for githubs code language display.
 	- log-identity: config option to set sys log identity, patch from
diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c
index 19268edab..79b3ae5fa 100644
--- a/smallapp/unbound-control.c
+++ b/smallapp/unbound-control.c
@@ -176,6 +176,9 @@ setup_ctx(struct config_file* cfg)
 		free(c_cert);
 	} else {
 		/* Use ciphers that don't require authentication  */
+		#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(HAVE_LIBRESSL)
+			SSL_CTX_set_security_level(ctx, 0);
+		#endif
 		if(!SSL_CTX_set_cipher_list(ctx, "aNULL"))
 			ssl_err("Error setting NULL cipher!");
 	}