diff --git a/degesch.c b/degesch.c
index 1ff89c9..615ebb7 100644
--- a/degesch.c
+++ b/degesch.c
@@ -3980,7 +3980,7 @@ transport_tls_init_cert (struct server *s, SSL *ssl, struct error **e)
 	else if (!SSL_use_certificate_file (ssl, path, SSL_FILETYPE_PEM)
 		|| !SSL_use_PrivateKey_file (ssl, path, SSL_FILETYPE_PEM))
 		error_set (e, "%s: %s", "Setting the SSL client certificate failed",
-			ERR_error_string (ERR_get_error (), NULL));
+			ERR_reason_error_string (ERR_get_error ()));
 	else
 		result = true;
 	free (path);
@@ -4028,10 +4028,8 @@ error_ssl_3:
 error_ssl_2:
 	SSL_CTX_free (ssl_ctx);
 error_ssl_1:
-	// XXX: these error strings are really nasty; also there could be
-	//   multiple errors on the OpenSSL stack.
 	if (!error_info)
-		error_info = ERR_error_string (ERR_get_error (), NULL);
+		error_info = ERR_reason_error_string (ERR_get_error ());
 	error_set (e, "%s: %s", "could not initialize SSL/TLS", error_info);
 	return false;
 }
diff --git a/kike.c b/kike.c
index 738365e..bcbc4c6 100644
--- a/kike.c
+++ b/kike.c
@@ -3273,10 +3273,8 @@ error_ssl_2:
 	SSL_free (c->ssl);
 	c->ssl = NULL;
 error_ssl_1:
-	// XXX: these error strings are really nasty; also there could be
-	//   multiple errors on the OpenSSL stack.
 	if (!error_info)
-		error_info = ERR_error_string (ERR_get_error (), NULL);
+		error_info = ERR_reason_error_string (ERR_get_error ());
 	print_debug ("could not initialize SSL for %s: %s", c->address, error_info);
 	return false;
 }
@@ -3485,10 +3483,8 @@ irc_initialize_ssl_ctx (struct server_context *ctx,
 	ctx->ssl_ctx = SSL_CTX_new (SSLv23_server_method ());
 	if (!ctx->ssl_ctx)
 	{
-		// XXX: these error strings are really nasty; also there could be
-		//   multiple errors on the OpenSSL stack.
 		error_set (e, "%s: %s", "could not initialize SSL",
-			ERR_error_string (ERR_get_error (), NULL));
+			ERR_reason_error_string (ERR_get_error ()));
 		return false;
 	}
 	SSL_CTX_set_verify (ctx->ssl_ctx,
@@ -3515,11 +3511,11 @@ irc_initialize_ssl_ctx (struct server_context *ctx,
 		error_set (e, "failed to select any cipher from the cipher list");
 	else if (!SSL_CTX_use_certificate_chain_file (ctx->ssl_ctx, cert_path))
 		error_set (e, "%s: %s", "setting the SSL client certificate failed",
-			ERR_error_string (ERR_get_error (), NULL));
+			ERR_reason_error_string (ERR_get_error ()));
 	else if (!SSL_CTX_use_PrivateKey_file
 		(ctx->ssl_ctx, key_path, SSL_FILETYPE_PEM))
 		error_set (e, "%s: %s", "setting the SSL private key failed",
-			ERR_error_string (ERR_get_error (), NULL));
+			ERR_reason_error_string (ERR_get_error ()));
 	else
 		// TODO: SSL_CTX_check_private_key()?  It has probably already been
 		//   checked by SSL_CTX_use_PrivateKey_file() above.
@@ -3998,7 +3994,6 @@ main (int argc, char *argv[])
 	SSL_library_init ();
 	atexit (EVP_cleanup);
 	SSL_load_error_strings ();
-	// XXX: ERR_load_BIO_strings()?  Anything else?
 	atexit (ERR_free_strings);
 
 	struct server_context ctx;