diff --git a/trojans/csd-post.sh b/trojans/csd-post.sh
index 86837d2b7d1dfeb24a7d56e59a3e6ef72d4a186b..c9ba10bc8e6946da1b9b38fea360a0a6b779cd38 100755
--- a/trojans/csd-post.sh
+++ b/trojans/csd-post.sh
@@ -12,6 +12,10 @@
 # server's security policy with lies. This script exists as an example
 # to work from.
+# The below config file allows for compatibility with newer versions of OpenSSL, change path to wherever your legacy_openssl.cnf file is located
+
+export OPENSSL_CONF=/usr/etc/legacy_openssl.cnf
+
 if ! xmlstarlet --version > /dev/null 2>&1; then
 echo "************************************************************************" >&2
 echo "WARNING: xmlstarlet not found in path; CSD token extraction may not work" >&2
diff --git a/trojans/legacy_openssl.cnf b/trojans/legacy_openssl.cnf
new file mode 100644
index 0000000000000000000000000000000000000000..e9a4029ad2edd0547c3af52f44d8cf790d9dadfa
--- /dev/null
+++ b/trojans/legacy_openssl.cnf
@@ -0,0 +1,10 @@
+openssl_conf = openssl_init
+
+[openssl_init]
+ssl_conf = ssl_sect
+
+[ssl_sect]
+system_default = system_default_sect
+
+[system_default_sect]
+Options = UnsafeLegacyRenegotiation
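Review bot: The added `export OPENSSL_CONF=/usr/etc/legacy_openssl.cnf` is unconditional and hard-coded, so it replaces any OPENSSL_CONF the caller already set and applies the legacy-renegotiation config to every OpenSSL-using command the script starts afterwards, not only the request that needs it. The path also differs from where this commit adds the file (`trojans/legacy_openssl.cnf`), and no install step is visible in the diff, so it may point at a file that does not exist; what OpenSSL does in that case appears to depend on the tool that loads it. I would guard it, e.g. `legacy_cnf=/usr/etc/legacy_openssl.cnf` followed by `[ -r "$legacy_cnf" ] && export OPENSSL_CONF="$legacy_cnf"`, with a warning on stderr otherwise like the xmlstarlet check below. The comment should also say that the file turns on `UnsafeLegacyRenegotiation` rather than only "compatibility with newer versions of OpenSSL".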
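Review bot: `Options = UnsafeLegacyRenegotiation` under `[system_default_sect]` drops the secure-renegotiation requirement for every TLS connection made by a process that loads this file, and the file carries no comment saying so. Because the script acts as a TLS client, it is worth testing whether the narrower `Options = UnsafeLegacyServerConnect` is enough for the gateway. Since `OPENSSL_CONF` replaces the system configuration rather than extending it, settings from the distribution's own openssl.cnf are presumably not applied while this file is in use. I would add a header comment such as `# Allows TLS renegotiation with servers lacking RFC 5746 support; load only for the CSD request to a gateway that requires it.`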