diff --git a/MATRIX.md b/MATRIX.md
index de95ac2..2e101e9 100644
--- a/MATRIX.md
+++ b/MATRIX.md
@@ -227,8 +227,8 @@
 | `SSL_SESSION_get_compress_id`  |  |  |  | :exclamation: [^stub] |
 | `SSL_SESSION_get_ex_data`  |  |  |  |  |
 | `SSL_SESSION_get_id`  |  | :white_check_mark: | :white_check_mark: | :white_check_mark: |
-| `SSL_SESSION_get_master_key`  |  |  | :white_check_mark: |  |
-| `SSL_SESSION_get_max_early_data`  |  |  | :white_check_mark: |  |
+| `SSL_SESSION_get_master_key`  |  |  | :white_check_mark: | :exclamation: [^stub] |
+| `SSL_SESSION_get_max_early_data`  |  |  | :white_check_mark: | :exclamation: [^stub] |
 | `SSL_SESSION_get_max_fragment_length`  |  |  |  |  |
 | `SSL_SESSION_get_protocol_version`  |  |  |  |  |
 | `SSL_SESSION_get_ticket_lifetime_hint`  |  |  |  |  |
@@ -275,7 +275,7 @@
 | `SSL_check_private_key`  |  |  |  | :white_check_mark: |
 | `SSL_clear`  |  |  |  |  |
 | `SSL_clear_options`  |  | :white_check_mark: |  | :white_check_mark: |
-| `SSL_client_hello_get0_ciphers`  |  |  | :white_check_mark: |  |
+| `SSL_client_hello_get0_ciphers`  |  |  | :white_check_mark: | :exclamation: [^stub] |
 | `SSL_client_hello_get0_compression_methods`  |  |  |  |  |
 | `SSL_client_hello_get0_ext`  |  |  | :white_check_mark: | :exclamation: [^stub] |
 | `SSL_client_hello_get0_legacy_version`  |  |  |  |  |
@@ -319,15 +319,15 @@
 | `SSL_get1_session`  |  | :white_check_mark: |  | :white_check_mark: |
 | `SSL_get1_supported_ciphers`  |  |  |  |  |
 | `SSL_get_SSL_CTX`  |  | :white_check_mark: | :white_check_mark: | :white_check_mark: |
-| `SSL_get_all_async_fds`  |  |  | :white_check_mark: |  |
+| `SSL_get_all_async_fds`  |  |  | :white_check_mark: | :exclamation: [^stub] |
 | `SSL_get_async_status`  |  |  |  |  |
 | `SSL_get_certificate`  | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
-| `SSL_get_changed_async_fds`  |  |  | :white_check_mark: |  |
+| `SSL_get_changed_async_fds`  |  |  | :white_check_mark: | :exclamation: [^stub] |
 | `SSL_get_cipher_list`  |  |  |  |  |
 | `SSL_get_ciphers`  |  |  |  | :exclamation: [^stub] |
 | `SSL_get_client_CA_list`  |  |  |  | :exclamation: [^stub] |
 | `SSL_get_client_ciphers`  |  |  |  |  |
-| `SSL_get_client_random`  |  |  | :white_check_mark: |  |
+| `SSL_get_client_random`  |  |  | :white_check_mark: | :exclamation: [^stub] |
 | `SSL_get_current_cipher`  | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
 | `SSL_get_current_compression`  |  |  |  | :white_check_mark: |
 | `SSL_get_current_expansion`  |  |  |  |  |
@@ -361,7 +361,7 @@
 | `SSL_get_security_callback`  |  |  |  |  |
 | `SSL_get_security_level`  |  |  |  |  |
 | `SSL_get_selected_srtp_profile` [^srtp] |  |  |  |  |
-| `SSL_get_server_random`  |  |  | :white_check_mark: |  |
+| `SSL_get_server_random`  |  |  | :white_check_mark: | :exclamation: [^stub] |
 | `SSL_get_servername`  |  | :white_check_mark: | :white_check_mark: | :white_check_mark: |
 | `SSL_get_servername_type`  |  |  |  | :white_check_mark: |
 | `SSL_get_session`  |  | :white_check_mark: | :white_check_mark: | :white_check_mark: |
@@ -499,7 +499,7 @@
 | `SSL_use_psk_identity_hint` [^psk] |  |  |  |  |
 | `SSL_verify_client_post_handshake`  |  |  |  | :exclamation: [^stub] |
 | `SSL_version`  |  | :white_check_mark: |  | :white_check_mark: |
-| `SSL_waiting_for_async`  |  |  | :white_check_mark: |  |
+| `SSL_waiting_for_async`  |  |  | :white_check_mark: | :exclamation: [^stub] |
 | `SSL_want`  |  |  |  | :white_check_mark: |
 | `SSL_write`  | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
 | `SSL_write_early_data`  |  | :white_check_mark: | :white_check_mark: | :exclamation: [^stub] |
diff --git a/build.rs b/build.rs
index 03805c0..3eb1526 100644
--- a/build.rs
+++ b/build.rs
@@ -61,6 +61,7 @@ const ENTRYPOINTS: &[&str] = &[
     "SSL_CIPHER_get_version",
     "SSL_CIPHER_standard_name",
     "SSL_clear_options",
+    "SSL_client_hello_get0_ciphers",
     "SSL_client_hello_get0_ext",
     "SSL_COMP_get_compression_methods",
     "SSL_CONF_cmd",
@@ -152,9 +153,12 @@ const ENTRYPOINTS: &[&str] = &[
     "SSL_get0_verified_chain",
     "SSL_get1_peer_certificate",
     "SSL_get1_session",
+    "SSL_get_all_async_fds",
     "SSL_get_certificate",
+    "SSL_get_changed_async_fds",
     "SSL_get_ciphers",
     "SSL_get_client_CA_list",
+    "SSL_get_client_random",
     "SSL_get_current_cipher",
     "SSL_get_current_compression",
     "SSL_get_error",
@@ -168,6 +172,7 @@ const ENTRYPOINTS: &[&str] = &[
     "SSL_get_peer_signature_type_nid",
     "SSL_get_privatekey",
     "SSL_get_rbio",
+    "SSL_get_server_random",
     "SSL_get_servername",
     "SSL_get_servername_type",
     "SSL_get_session",
@@ -200,6 +205,8 @@ const ENTRYPOINTS: &[&str] = &[
     "SSL_SESSION_get0_hostname",
     "SSL_SESSION_get_compress_id",
     "SSL_SESSION_get_id",
+    "SSL_SESSION_get_master_key",
+    "SSL_SESSION_get_max_early_data",
     "SSL_SESSION_get_time",
     "SSL_SESSION_get_timeout",
     "SSL_session_reused",
@@ -240,6 +247,7 @@ const ENTRYPOINTS: &[&str] = &[
     "SSL_use_PrivateKey_file",
     "SSL_verify_client_post_handshake",
     "SSL_version",
+    "SSL_waiting_for_async",
     "SSL_want",
     "SSL_write",
     "SSL_write_early_data",
diff --git a/src/entry.rs b/src/entry.rs
index b76d00d..9454c51 100644
--- a/src/entry.rs
+++ b/src/entry.rs
@@ -2326,7 +2326,8 @@ entry_stub! {
     ) -> c_long;
 }
 
-// No access to individual certificate extensions
+// No access to individual clienthello extensions and no
+// SSL_CTX_set_client_hello_cb support
 
 entry_stub! {
     pub fn _SSL_client_hello_get0_ext(
@@ -2337,6 +2338,10 @@ entry_stub! {
     ) -> c_int;
 }
 
+entry_stub! {
+    pub fn _SSL_client_hello_get0_ciphers(_ssl: *mut SSL, _out: *mut *const c_uchar) -> usize;
+}
+
 // No custom extension support
 // (used by nginx to implement quic)
 
@@ -2422,6 +2427,51 @@ entry_stub! {
     pub fn _SSL_COMP_get_compression_methods() -> *mut stack_st_void;
 }
 
+// No `SSL_MODE_ASYNC`
+
+entry_stub! {
+    pub fn _SSL_waiting_for_async(_ssl: *mut SSL) -> c_int;
+}
+
+entry_stub! {
+    pub fn _SSL_get_all_async_fds(_ssl: *mut SSL, _fds: *mut c_int, _numfds: *mut usize) -> c_int;
+}
+
+entry_stub! {
+    pub fn _SSL_get_changed_async_fds(
+        _ssl: *mut SSL,
+        _addfd: *mut c_int,
+        _numaddfds: *mut usize,
+        _delfd: *mut c_int,
+        _numdelfds: *mut usize,
+    ) -> c_int;
+}
+
+// Unsafe low-level accessors.  OpenSSL docs say "you probably shouldn't use these functions."
+
+entry_stub! {
+    pub fn _SSL_get_client_random(_ssl: *const SSL, _out: *mut c_uchar, _outlen: usize) -> usize;
+}
+
+entry_stub! {
+    pub fn _SSL_get_server_random(_ssl: *const SSL, _out: *mut c_uchar, _outlen: usize) -> usize;
+}
+
+entry_stub! {
+    pub fn _SSL_SESSION_get_master_key(
+        _sess: *const SSL_SESSION,
+        _out: *mut c_uchar,
+        _outlen: usize,
+    ) -> usize;
+}
+
+// This can be filled in when client SSL_SESSIONs are supported, via
+// `Tls13ClientSessionValue::max_early_data_size()`.
+
+entry_stub! {
+    pub fn _SSL_SESSION_get_max_early_data(_sess: *const SSL_SESSION) -> u32;
+}
+
 // ---------------------
 
 #[cfg(test)]