diff --git a/doc/Changelog b/doc/Changelog
index c14e79617..684a5728b 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,6 +1,7 @@
 10 January 2020: Wouter
 	- Fix the relationship between serve-expired and prefetch options,
 	  patch from Saksham Manchanda from Secure64.
+	- Fix unreachable code in ssl set options code.
 
 8 January 2020: Ralph
 	- Fix #138: stop binding pidfile inside chroot dir in systemd service
diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c
index ed8bad1e9..4f51e400e 100644
--- a/smallapp/unbound-control.c
+++ b/smallapp/unbound-control.c
@@ -493,9 +493,11 @@ setup_ctx(struct config_file* cfg)
 	ctx = SSL_CTX_new(SSLv23_client_method());
 	if(!ctx)
 		ssl_err("could not allocate SSL_CTX pointer");
+#if SSL_OP_NO_SSLv2 != 0
 	if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)
 		!= SSL_OP_NO_SSLv2)
 		ssl_err("could not set SSL_OP_NO_SSLv2");
+#endif
 	if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
 		!= SSL_OP_NO_SSLv3)
 		ssl_err("could not set SSL_OP_NO_SSLv3");
diff --git a/testcode/petal.c b/testcode/petal.c
index dcc31fdc5..123684aab 100644
--- a/testcode/petal.c
+++ b/testcode/petal.c
@@ -234,7 +234,9 @@ setup_ctx(char* key, char* cert)
 {
 	SSL_CTX* ctx = SSL_CTX_new(SSLv23_server_method());
 	if(!ctx) print_exit("out of memory");
+#if SSL_OP_NO_SSLv2 != 0
 	(void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
+#endif
 	(void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
 	if(!SSL_CTX_use_certificate_chain_file(ctx, cert))
 		print_exit("cannot read cert");
diff --git a/util/net_help.c b/util/net_help.c
index 9747b5d55..10c4acc47 100644
--- a/util/net_help.c
+++ b/util/net_help.c
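Review bot: The new `#if SSL_OP_NO_SSLv2 != 0` guard in unbound-control.c's setup_ctx is also true-to-skip when the macro is not defined at all, because the preprocessor evaluates an unknown identifier as 0, so a library header without the symbol now compiles silently with no SSLv2 handling where it previously failed to build. That is presumably fine for OpenSSL 1.1.0 and later, which (as far as I recall) define SSL_OP_NO_SSLv2 as 0 because SSLv2 support was removed, but spelling the condition `#if defined(SSL_OP_NO_SSLv2) && SSL_OP_NO_SSLv2 != 0` makes both cases visibly deliberate. Nothing in the hunk says why only the SSLv2 option is conditional; a comment above the guard such as `/* SSL_OP_NO_SSLv2 is 0 on OpenSSL >= 1.1.0 (SSLv2 removed), which would make the check below dead code */` would save the next reader the archaeology. setup_ctx begins before the hunk and continues past it.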
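Review bot: In petal.c's setup_ctx the SSLv3 option result is still discarded with `(void)SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);`, whereas the same call in the unbound-control.c and util/net_help.c hunks of this commit is checked and treated as fatal, so this test server would carry on with SSLv3 enabled if the option were ever not applied. Since the function already has a fatal-error path, the consistent form is `if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3) != SSL_OP_NO_SSLv3) print_exit("could not set SSL_OP_NO_SSLv3");`. This is test code, so the impact is limited to the fidelity of the test harness. setup_ctx continues past the hunk.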
@@ -728,11 +728,13 @@ listen_sslctx_setup(void* ctxt)
 #ifdef HAVE_SSL
 	SSL_CTX* ctx = (SSL_CTX*)ctxt;
 	/* no SSLv2, SSLv3 because has defects */
+#if SSL_OP_NO_SSLv2 != 0
 	if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)
 		!= SSL_OP_NO_SSLv2){
 		log_crypto_err("could not set SSL_OP_NO_SSLv2");
 		return 0;
 	}
+#endif
 	if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
 		!= SSL_OP_NO_SSLv3){
 		log_crypto_err("could not set SSL_OP_NO_SSLv3");
@@ -968,12 +970,14 @@ void* connect_sslctx_create(char* key, char* pem, char* verifypem, int wincert)
 		log_crypto_err("could not allocate SSL_CTX pointer");
 		return NULL;
 	}
+#if SSL_OP_NO_SSLv2 != 0
 	if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)
 		!= SSL_OP_NO_SSLv2) {
 		log_crypto_err("could not set SSL_OP_NO_SSLv2");
 		SSL_CTX_free(ctx);
 		return NULL;
 	}
+#endif
 	if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
 		!= SSL_OP_NO_SSLv3) {
 		log_crypto_err("could not set SSL_OP_NO_SSLv3");
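Review bot: The remaining SSLv3 check in listen_sslctx_setup, `(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3) != SSL_OP_NO_SSLv3`, has exactly the latent problem this commit works around for SSLv2: the moment a library defines the option as 0 the condition becomes dead code and the policy silently vanishes, and no-SSLv3 builds of OpenSSL are common enough that this is not hypothetical. On OpenSSL 1.1.0 and later, which to my knowledge are the same releases that zeroed SSL_OP_NO_SSLv2, the version floor can instead be stated positively with `if(!SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION)) { log_crypto_err("could not set minimum TLS version"); return 0; }`, which keeps working when individual SSL_OP_NO_* bits become no-ops and can later be raised past TLS 1.0/1.1 without touching the option logic; the option-bit path would stay as the fallback for older libraries. The comment `/* no SSLv2, SSLv3 because has defects */` should also say that the SSLv2 step is compiled out where the library no longer supports SSLv2, since a reader of the SSLv3-only code will otherwise wonder where SSLv2 went. listen_sslctx_setup begins before the hunk and continues past it.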
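Review bot: With this change the identical disable-SSLv2/SSLv3 sequence, including its `#if SSL_OP_NO_SSLv2 != 0` guard, now appears in connect_sslctx_create and in listen_sslctx_setup in the same file, differing only in the cleanup done on failure (`SSL_CTX_free(ctx); return NULL;` here versus `return 0;` above). A single static helper in net_help.c, say `static int sslctx_disable_legacy_protocols(SSL_CTX* ctx)` that performs both set_options calls and returns 0 on failure after logging, would keep the protocol policy and its preprocessor guard in one place so that a future change (such as also excluding TLS 1.0/1.1) is not applied to one path and forgotten in the other; each caller then keeps its own cleanup on a 0 return. connect_sslctx_create begins before the hunk and continues past it.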