diff --git a/images/macos/provision/core/openssl.sh b/images/macos/provision/core/openssl.sh
index 16a317c0..b0d2401b 100755
--- a/images/macos/provision/core/openssl.sh
+++ b/images/macos/provision/core/openssl.sh
@@ -2,24 +2,11 @@
 
 source ~/utils/utils.sh
 
-echo Installing OpenSSL...
+echo "Install latest openssl"
 brew install openssl
 
-# Install OpenSSL 1.0.2t
-# https://www.openssl.org/policies/releasestrat.html - Version 1.0.2 will be supported until 2019-12-31 (LTS)
-# To preserve backward compatibility with ruby-toolcache
-brew tap-new --no-git local/openssl
-FORMULA_PATH=$(brew extract openssl local/openssl | grep "Homebrew/Library/Taps")
-brew install $FORMULA_PATH
+echo "Install openssl@1.1"
+brew install openssl@1.1
 
-# Set OpenSSL 1.0.2t as default
-ln -sf /usr/local/Cellar/openssl@1.0.2t /usr/local/Cellar/openssl
-ln -sf /usr/local/Cellar/openssl/1.0.2t/bin/openssl /usr/local/bin/openssl
-rm /usr/local/opt/openssl
-ln -sf ../Cellar/openssl/1.0.2t /usr/local/opt/openssl
-
-# Resolve dot net core openssl dependency issue for agent
-# https://github.com/microsoft/azure-pipelines-agent/blob/master/docs/start/envosx.md
-mkdir -p /usr/local/lib/
-ln -s /usr/local/opt/openssl@1.0.2t/lib/libcrypto.1.0.0.dylib /usr/local/lib/
-ln -s /usr/local/opt/openssl@1.0.2t/lib/libssl.1.0.0.dylib /usr/local/lib/
+# Symlink brew openssl@1.1 to `/usr/local/bin` as Homebrew refuses
+ln -sf $(brew --prefix openssl@1.1)/bin/openssl /usr/local/bin/openssl
diff --git a/images/macos/tests/Common.Tests.ps1 b/images/macos/tests/Common.Tests.ps1
index 9e80ad48..e45eff03 100644
--- a/images/macos/tests/Common.Tests.ps1
+++ b/images/macos/tests/Common.Tests.ps1
@@ -156,8 +156,20 @@ Describe "Common utilities" {
         "jq --version" | Should -ReturnZeroExitCode
     }
 
-    It "OpenSSL" {
-        "openssl version" | Should -ReturnZeroExitCode
+    Context "OpenSSL" {
+        It "OpenSSL is available" {
+            "openssl version" | Should -ReturnZeroExitCode
+        }
+
+        It "OpenSSL 1.1 path exists" {
+            $openSSLpath = "/usr/local/opt/openssl@1.1"
+            $openSSLpath | Should -Exist
+        }
+
+        It "Default OpenSSL version is 1.1" {
+            $commandResult = Get-CommandResult "openssl version"
+            $commandResult.Output | Should -Match "OpenSSL 1.1"
+        }
     }
 
     It "GnuPG" {