diff --git a/include/maxscale/encryption.h b/include/maxscale/encryption.h
index dfbb3407a..48b928856 100644
--- a/include/maxscale/encryption.h
+++ b/include/maxscale/encryption.h
@@ -21,5 +21,7 @@ MXS_BEGIN_DECLS
 
 EVP_CIPHER_CTX* mxs_evp_cipher_ctx_alloc();
 void mxs_evp_cipher_ctx_free(EVP_CIPHER_CTX* ctx);
+uint8_t* mxs_evp_cipher_ctx_buf(EVP_CIPHER_CTX* ctx);
+uint8_t* mxs_evp_cipher_ctx_oiv(EVP_CIPHER_CTX* ctx);
 
 MXS_END_DECLS
diff --git a/server/core/encryption.c b/server/core/encryption.c
index 219cd8916..63f9b2c4b 100644
--- a/server/core/encryption.c
+++ b/server/core/encryption.c
@@ -35,3 +35,21 @@ void mxs_evp_cipher_ctx_free(EVP_CIPHER_CTX* ctx)
     MXS_FREE(ctx);
 #endif
 }
+
+uint8_t* mxs_evp_cipher_ctx_buf(EVP_CIPHER_CTX* ctx)
+{
+#ifdef OPENSSL_1_1
+    return (uint8_t*)EVP_CIPHER_CTX_buf_noconst(ctx);
+#else
+    return (uint8_t*)ctx->buf;
+#endif
+}
+
+uint8_t* mxs_evp_cipher_ctx_oiv(EVP_CIPHER_CTX* ctx)
+{
+#ifdef OPENSSL_1_1
+    return (uint8_t*)EVP_CIPHER_CTX_original_iv(ctx);
+#else
+    return (uint8_t*)ctx->oiv;
+#endif
+}
diff --git a/server/modules/routing/binlogrouter/blr_file.c b/server/modules/routing/binlogrouter/blr_file.c
index 033d0c328..96c2a18f4 100644
--- a/server/modules/routing/binlogrouter/blr_file.c
+++ b/server/modules/routing/binlogrouter/blr_file.c
@@ -2874,9 +2874,9 @@ static GWBUF *blr_aes_crypt(ROUTER_INSTANCE *router,
         if (size - outlen > 0)
         {
             if (!blr_aes_create_tail_for_cbc(out_ptr + 4 + outlen,
-                                             buffer + outlen,
+                                             mxs_evp_cipher_ctx_buf(ctx),
                                              size - outlen,
-                                             iv,
+                                             mxs_evp_cipher_ctx_oiv(ctx),
                                              router->encryption.key_value,
                                              router->encryption.key_len))
             {