diff --git a/lib/jose/jwe/enc/aescbc.c b/lib/jose/jwe/enc/aescbc.c
index 9cd517948..54cabc7ac 100644
--- a/lib/jose/jwe/enc/aescbc.c
+++ b/lib/jose/jwe/enc/aescbc.c
@@ -195,8 +195,10 @@ lws_jwe_auth_and_decrypt_cbc_hs(struct lws_jwe *jwe, uint8_t *enc_cek,
 
 	/* first half of enc_cek is the MAC key */
 	if (lws_genhmac_init(&hmacctx, jwe->jose.enc_alg->hmac_type, enc_cek,
-			     hlen / 2))
+			     hlen / 2)) {
+		lwsl_err("%s: lws_genhmac_init fail\n", __func__);
 		return -1;
+	}
 
 	if (lws_genhmac_update(&hmacctx, aad, aad_len) ||
 	    lws_genhmac_update(&hmacctx, (uint8_t *)jwe->jws.map.buf[LJWE_IV],
diff --git a/lib/tls/openssl/lws-genhash.c b/lib/tls/openssl/lws-genhash.c
index e9d5125b7..cbc89d4af 100644
--- a/lib/tls/openssl/lws-genhash.c
+++ b/lib/tls/openssl/lws-genhash.c
@@ -22,7 +22,7 @@
  *  same whether you are using openssl or mbedtls hash functions underneath.
  */
 #include "libwebsockets.h"
-
+#include <openssl/obj_mac.h>
 /*
  * Care: many openssl apis return 1 for success.  These are translated to the
  * lws convention of 0 for success.
@@ -91,23 +91,22 @@ int
 lws_genhmac_init(struct lws_genhmac_ctx *ctx, enum lws_genhmac_types type,
 		 const uint8_t *key, size_t key_len)
 {
-	const char *ts;
-	const EVP_MD *md;
 	EVP_PKEY *pkey;
 
 	ctx->type = type;
 
 	switch (type) {
 	case LWS_GENHMAC_TYPE_SHA256:
-		ts = "SHA256";
+		ctx->evp_type = EVP_sha256();
 		break;
 	case LWS_GENHMAC_TYPE_SHA384:
-		ts = "SHA384";
+		ctx->evp_type = EVP_sha384();
 		break;
 	case LWS_GENHMAC_TYPE_SHA512:
-		ts = "SHA512";
+		ctx->evp_type = EVP_sha512();
 		break;
 	default:
+		lwsl_err("%s: unknown HMAC type %d\n", __func__, type);
 		return -1;
 	}
 
@@ -115,16 +114,12 @@ lws_genhmac_init(struct lws_genhmac_ctx *ctx, enum lws_genhmac_types type,
         if (!ctx->ctx)
 		return -1;
 
-        md = EVP_get_digestbyname(ts);
-        if (!md)
-		return -1;
-
-        if (EVP_DigestInit_ex(ctx->ctx, md, NULL) != 1)
+        if (EVP_DigestInit_ex(ctx->ctx, ctx->evp_type, NULL) != 1)
 		return -1;
 
         pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, key, (int)key_len);
 
-        if (EVP_DigestSignInit(ctx->ctx, NULL, md, NULL, pkey) != 1)
+        if (EVP_DigestSignInit(ctx->ctx, NULL, ctx->evp_type, NULL, pkey) != 1)
 		return -1;
 
         EVP_PKEY_free(pkey);
diff --git a/minimal-examples/api-tests/api-test-gencrypto/CMakeLists.txt b/minimal-examples/api-tests/api-test-gencrypto/CMakeLists.txt
index 0679f88a5..f2a848035 100644
--- a/minimal-examples/api-tests/api-test-gencrypto/CMakeLists.txt
+++ b/minimal-examples/api-tests/api-test-gencrypto/CMakeLists.txt
@@ -62,8 +62,7 @@ MACRO(require_lws_config reqconfig _val result)
 ENDMACRO()
 
 set(requirements 1)
-require_lws_config(LWS_WITH_GENAES 1 requirements)
-require_lws_config(LWS_WITH_GENEC 1 requirements)
+require_lws_config(LWS_WITH_GENCRYPTO 1 requirements)
 
 if (requirements)
 
diff --git a/minimal-examples/api-tests/api-test-jose/CMakeLists.txt b/minimal-examples/api-tests/api-test-jose/CMakeLists.txt
index afd799c60..64e8bdecb 100644
--- a/minimal-examples/api-tests/api-test-jose/CMakeLists.txt
+++ b/minimal-examples/api-tests/api-test-jose/CMakeLists.txt
@@ -62,8 +62,7 @@ MACRO(require_lws_config reqconfig _val result)
 ENDMACRO()
 
 set(requirements 1)
-require_lws_config(LWS_WITH_JWS 1 requirements)
-require_lws_config(LWS_WITH_JWE 1 requirements)
+require_lws_config(LWS_WITH_JOSE 1 requirements)
 
 if (requirements)