diff --git a/CMakeLists.txt b/CMakeLists.txt
index ad68a19a..bd6bb367 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -696,6 +696,15 @@ if (LWS_WITH_SSL)
 		include_directories("${OPENSSL_INCLUDE_DIRS}")
 		list(APPEND LIB_LIST ${OPENSSL_LIBRARIES})
 	endif()
+
+	# older (0.98) Openssl lacks this
+	set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIRS})
+	check_include_file(openssl/ecdh.h LWS_HAVE_OPENSSL_ECDH_H)
+
+	if (LWS_SSL_SERVER_WITH_ECDH_CERT AND NOT LWS_HAVE_OPENSSL_ECDH_H)
+		message(FATAL_ERROR "Missing openssl/ecdh.h, so cannot use LWS_SSL_SERVER_WITH_ECDH_CERT")
+	endif()
+
 endif(LWS_WITH_SSL)
 
 if (LWS_WITH_LIBEV)
@@ -1217,6 +1226,7 @@ message(" LWS_MBED3 = ${LWS_MBED3}")
 message(" LWS_SSL_SERVER_WITH_ECDH_CERT = ${LWS_SSL_SERVER_WITH_ECDH_CERT}")
 message(" LWS_MAX_SMP = ${LWS_MAX_SMP}")
 message(" LWS_WITH_CGI = ${LWS_WITH_CGI}")
+message(" LWS_HAVE_OPENSSL_ECDH_H = ${LWS_HAVE_OPENSSL_ECDH_H}")
 message("---------------------------------------------------------------------")
 
 # These will be available to parent projects including libwebsockets using add_subdirectory()
diff --git a/lib/ssl.c b/lib/ssl.c
index a0372d7a..2a94f153 100644
--- a/lib/ssl.c
+++ b/lib/ssl.c
@@ -24,7 +24,7 @@
  #include <openssl/err.h>
 #endif
 
-#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
+#ifdef LWS_HAVE_OPENSSL_ECDH_H
 #include <openssl/ecdh.h>
 #endif
 
@@ -139,7 +139,7 @@ static int
 lws_context_ssl_init_ecdh_curve(struct lws_context_creation_info *info,
 				struct lws_context *context)
 {
-#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
+#ifdef LWS_HAVE_OPENSSL_ECDH_H
 	EC_KEY *ecdh;
 	int ecdh_nid;
 	const char *ecdh_curve = "prime256v1";
diff --git a/lws_config.h.in b/lws_config.h.in
index c108eb3a..a647a4b5 100644
--- a/lws_config.h.in
+++ b/lws_config.h.in
@@ -77,6 +77,9 @@
 /* CGI apis */
 #cmakedefine LWS_WITH_CGI
 
+/* whether the Openssl is recent enough, and / or built with, ecdh */
+#cmakedefine LWS_HAVE_OPENSSL_ECDH_H
+
 /* Maximum supported service threads */
 #define LWS_MAX_SMP ${LWS_MAX_SMP}