diff --git a/bssl-compat/BUILD b/bssl-compat/BUILD
index cf55391788..923e080517 100644
--- a/bssl-compat/BUILD
+++ b/bssl-compat/BUILD
@@ -15,7 +15,8 @@ cmake(
 visibility = ["//visibility:public"],
 generate_crosstool_file = False,
 tags = ["requires-network"],
- env = { "GOCACHE" : "/tmp" },
+ env = { "Clang_ROOT" : "/usr/lib/llvm" },
+ build_args = [ "-j" ]
 )
diff --git a/bssl-compat/CMakeLists.txt b/bssl-compat/CMakeLists.txt
index c9644fe274..a616ecc405 100644
--- a/bssl-compat/CMakeLists.txt
+++ b/bssl-compat/CMakeLists.txt
@@ -10,9 +10,6 @@ endif()
 set(OPENSSL_URL https://github.com/openssl/openssl/archive/refs/tags/openssl-3.0.13.tar.gz)
 set(OPENSSL_URL_HASH e74504ed7035295ec7062b1da16c15b57ff2a03cd2064a28d8c39458cacc45fc)
 
-SET (CMAKE_C_COMPILER "clang")
-SET (CMAKE_CXX_COMPILER "clang++")
-
 set(CMAKE_C_STANDARD 11)
 set(CMAKE_CXX_STANDARD 17)
@@ -140,7 +137,6 @@ add_library(bssl-compat STATIC
 source/SSL_CTX_set_custom_verify.cc
 source/SSL_CTX_set_next_protos_advertised_cb.cc
 source/SSL_CTX_set_private_key_method.cc
- source/SSL_CTX_set_reverify_on_resume.cc
 source/SSL_CTX_set_select_certificate_cb.cc
 source/SSL_CTX_set_select_certificate_cb.h
 source/SSL_CTX_set_strict_cipher_list.cc
@@ -184,12 +180,10 @@ add_library(bssl-compat STATIC
 source/SSL_set_cert_cb.cc
 source/SSL_set_chain_and_key.cc
 source/SSL_set_client_CA_list.cc
- source/SSL_set_enforce_rsa_key_usage.cc
 source/SSL_set_ocsp_response.cc
 source/SSL_set_renegotiate_mode.cc
 source/SSL_set_info_callback.cc
 source/SSL_set_verify.cc
- source/SSL_was_key_usage_invalid.cc
 source/stack.c
 source/TLS_VERSION_to_string.cc
 source/TLS_with_buffers_method.cc
diff --git a/bssl-compat/patch/include/openssl/ssl.h.sh b/bssl-compat/patch/include/openssl/ssl.h.sh
index 9769725635..036cb06e98 100755
--- a/bssl-compat/patch/include/openssl/ssl.h.sh
+++ b/bssl-compat/patch/include/openssl/ssl.h.sh
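Review bot: `build_args = [ "-j" ]` hands the underlying make/ninja invocation an unbounded job count, so on a many-core CI runner the bssl-compat build (which, judging by OPENSSL_URL in CMakeLists.txt, also compiles a fetched OpenSSL tree) can exhaust memory and fail non-deterministically; pin a number, e.g. `build_args = ["-j4"]`, or leave the flag out and let the tool choose. `"Clang_ROOT" : "/usr/lib/llvm"` is a hard-coded host path, presumably so CMake can locate Clang now that CMakeLists.txt no longer forces `clang`/`clang++`; it silently stops working on any machine with a different LLVM layout and is not hermetic under Bazel, so it belongs in a toolchain or `--action_env` rather than in the rule. Dropping `GOCACHE` means any Go tooling the build still invokes will write its cache under `$HOME`, which may be read-only in the sandbox — worth confirming nothing in the build needed it.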
@@ -193,12 +193,9 @@ uncomment.sh "$1" --comment -h \
 --uncomment-macro SSL_TICKET_KEY_NAME_LEN \
 --uncomment-enum ssl_verify_result_t \
 --uncomment-func-decl SSL_CTX_set_custom_verify \
- --uncomment-func-decl SSL_CTX_set_reverify_on_resume \
 --uncomment-func-decl SSL_CTX_set_private_key_method \
 --uncomment-func-decl SSL_send_fatal_alert \
 --uncomment-func-decl SSL_alert_desc_string_long \
- --uncomment-func-decl SSL_set_enforce_rsa_key_usage \
- --uncomment-func-decl SSL_was_key_usage_invalid \
 --uncomment-func-decl SSL_CTX_get_session_cache_mode \
diff --git a/bssl-compat/source/SSL_CTX_set_reverify_on_resume.cc b/bssl-compat/source/SSL_CTX_set_reverify_on_resume.cc
deleted file mode 100644
index ed5564063a..0000000000
--- a/bssl-compat/source/SSL_CTX_set_reverify_on_resume.cc
+++ /dev/null
@@ -1,7 +0,0 @@
-#include
-#include "log.h"
-
-
-extern "C" void SSL_CTX_set_reverify_on_resume(SSL_CTX *ctx, int enabled) {
- bssl_compat_warn("SSL_CTX_set_reverify_on_resume() is not implemented");
-}
diff --git a/bssl-compat/source/SSL_set_enforce_rsa_key_usage.cc b/bssl-compat/source/SSL_set_enforce_rsa_key_usage.cc
deleted file mode 100644
index 38aa0f99d6..0000000000
--- a/bssl-compat/source/SSL_set_enforce_rsa_key_usage.cc
+++ /dev/null
@@ -1,9 +0,0 @@
-#include
-#include
-#include "log.h"
-
-
-extern "C" void SSL_set_enforce_rsa_key_usage(SSL *ssl, int enabled) {
- bssl_compat_warn("SSL_set_enforce_rsa_key_usage() is not implemented");
-}
-
diff --git a/bssl-compat/source/SSL_was_key_usage_invalid.cc b/bssl-compat/source/SSL_was_key_usage_invalid.cc
deleted file mode 100644
index a234257f95..0000000000
--- a/bssl-compat/source/SSL_was_key_usage_invalid.cc
+++ /dev/null
@@ -1,9 +0,0 @@
-#include
-#include
-#include "log.h"
-
-
-extern "C" int SSL_was_key_usage_invalid(const SSL *ssl) {
- bssl_compat_warn("SSL_was_key_usage_invalid() is not implemented");
- return 0;
-}
diff --git a/source/extensions/transport_sockets/tls/context_impl.cc b/source/extensions/transport_sockets/tls/context_impl.cc
index 2b9454cf23..c316c40650 100644
--- a/source/extensions/transport_sockets/tls/context_impl.cc
+++ b/source/extensions/transport_sockets/tls/context_impl.cc
@@ -182,7 +182,9 @@ ContextImpl::ContextImpl(Stats::Scope& scope, const Envoy::Ssl::ContextConfig& c
 // even request client certs. So, instead, we should configure a callback to skip
 // validation and always supply the callback to boring SSL.
 SSL_CTX_set_custom_verify(ctx, verify_mode, customVerifyCallback);
+#if 0 // Disabled as not implememnted in the bSSL layer
 SSL_CTX_set_reverify_on_resume(ctx, /*reverify_on_resume_enabled)=*/1);
+#endif
 }
 }
 }
@@ -573,9 +575,11 @@ void ContextImpl::logHandshake(SSL* ssl) const {
 // Increment the `was_key_usage_invalid_` stats to indicate the given cert would have triggered an
 // error but is allowed because the enforcement that rsa key usage and tls usage need to be
 // matched has been disabled.
+#if 0 // Disabled as SSL_was_key_usage_invalid() is not implememnted in the bSSL layer
 if (SSL_was_key_usage_invalid(ssl)) {
 stats_.was_key_usage_invalid_.inc();
 }
+#endif
 #endif // BORINGSSL_API_VERSION
 }
@@ -738,7 +742,9 @@ ClientContextImpl::newSsl(const Network::TransportSocketOptionsConstSharedPtr& o
 SSL_set_renegotiate_mode(ssl_con.get(), ssl_renegotiate_freely);
 }
 
+#if 0 // Disabled as not implememnted in the bSSL layer
 SSL_set_enforce_rsa_key_usage(ssl_con.get(), enforce_rsa_key_usage_);
+#endif
 
 if (max_session_keys_ > 0) {
 if (session_keys_single_use_) {
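Review bot: The `#if 0` added here and in the two later hunks of this file (logHandshake and ClientContextImpl::newSsl) turns what was a runtime warning into silence: the deleted bssl-compat stubs for SSL_CTX_set_reverify_on_resume, SSL_set_enforce_rsa_key_usage and SSL_was_key_usage_invalid at least emitted `bssl_compat_warn("... is not implemented")` whenever they were hit, whereas now a context configured with `enforce_rsa_key_usage_` set gets no key-usage enforcement, no log line, and a `was_key_usage_invalid_` stat that is always zero even though the comment above it still promises otherwise. That is a silent downgrade of a check the operator explicitly asked for; gate the three calls on a feature macro exported by the compat layer instead of a bare `#if 0` (constructed placeholder: `#if !defined(BSSL_COMPAT_NO_KEY_USAGE_API)`), and wherever `enforce_rsa_key_usage_` is populated from config, reject or at least log when it is true under that build so the gap shows up in config validation rather than only in a code comment. The comment on each new `#if 0` line also misspells "implememnted". ContextImpl's constructor, logHandshake and newSsl each begin and end outside their hunks.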