diff --git a/lib/roles/h2/http2.c b/lib/roles/h2/http2.c
index 5c11b9423..46c254539 100644
--- a/lib/roles/h2/http2.c
+++ b/lib/roles/h2/http2.c
@@ -2378,7 +2378,7 @@ lws_h2_ws_handshake(struct lws *wsi)
 			if (lws_add_http_header_by_token(wsi, WSI_TOKEN_PROTOCOL,
 				(uint8_t *)lws_hdr_simple_ptr(wsi,
 							   WSI_TOKEN_PROTOCOL),
-				strlen(lws_hdr_simple_ptr(wsi,
+				(int)strlen(lws_hdr_simple_ptr(wsi,
 							   WSI_TOKEN_PROTOCOL)),
 						 &p, end))
 			return -1;
diff --git a/lib/roles/http/server/server.c b/lib/roles/http/server/server.c
index 57af8fe1b..82c051999 100644
--- a/lib/roles/http/server/server.c
+++ b/lib/roles/http/server/server.c
@@ -700,10 +700,10 @@ lws_http_serve(struct lws *wsi, char *uri, const char *origin,
 			if (!wsi->http2_substream)
 				wsi->sending_chunked = 1;
 
-			wsi->protocol_interpret_idx =
+			wsi->protocol_interpret_idx = (char)(
 				lws_vhost_name_to_protocol(wsi->vhost,
 							   pvo->value) -
-				&lws_get_vhost(wsi)->protocols[0];
+				&lws_get_vhost(wsi)->protocols[0]);
 
 			lwsl_debug("want %s interpreted by %s (pcol is %s)\n", path,
 				    wsi->vhost->protocols[
diff --git a/lib/tls/openssl/openssl-x509.c b/lib/tls/openssl/openssl-x509.c
index f196f22d6..bd6e0162d 100644
--- a/lib/tls/openssl/openssl-x509.c
+++ b/lib/tls/openssl/openssl-x509.c
@@ -242,7 +242,7 @@ lws_x509_parse_from_pem(struct lws_x509_cert *x509, const void *pem, size_t len)
 {
 	BIO* bio = BIO_new(BIO_s_mem());
 
-	BIO_write(bio, pem, len);
+	BIO_write(bio, pem, (int)len);
 	x509->cert = PEM_read_bio_X509(bio, NULL, NULL, NULL);
 	BIO_free(bio);
 	if (!x509->cert) {
@@ -496,7 +496,7 @@ lws_x509_jwk_privkey_pem(struct lws_jwk *jwk, void *pem, size_t len,
 	const BIGNUM *cmpi;
 	int n, m, ret = -1;
 
-	BIO_write(bio, pem, len);
+	BIO_write(bio, pem, (int)len);
 	PEM_read_bio_PrivateKey(bio, &pkey, lws_x509_jwk_privkey_pem_pp_cb,
 				(void *)passphrase);
 	BIO_free(bio);