diff --git a/RSA.pm b/RSA.pm
index 838cb02..0c2f580 100644
--- a/RSA.pm
+++ b/RSA.pm
@@ -52,6 +52,15 @@ sub get_key_parameters {
 
 *get_public_key_pkcs1_string = \&get_public_key_string;
 
+unless ( defined &use_sslv23_padding ) {
+    *use_sslv23_padding = sub {
+        croak(  "use_sslv23_padding is not available: "
+              . "SSLv23 padding was removed in OpenSSL 3.x. "
+              . "Use use_pkcs1_oaep_padding() for encryption "
+              . "or use_pkcs1_pss_padding() for signatures instead." );
+    };
+}
+
 1;
 
 __END__
@@ -321,7 +330,10 @@ fatal error.  Call C<use_pkcs1_oaep_padding> for encryption operations.
 Use C<PKCS #1 v1.5> padding with an SSL-specific modification that
 denotes that the server is SSL3 capable.
 
-Not available since OpenSSL 3.
+B<Not available on OpenSSL 3.x or later.>  Calling this method will
+croak with a descriptive error message suggesting alternatives.
+Use C<use_pkcs1_oaep_padding()> for encryption or
+C<use_pkcs1_pss_padding()> for signatures.
 
 =back
 
diff --git a/t/padding.t b/t/padding.t
index 3da9b65..595c30b 100644
--- a/t/padding.t
+++ b/t/padding.t
@@ -8,7 +8,7 @@ use Crypt::OpenSSL::Guess qw(openssl_version);
 my ($major, $minor, $patch) = openssl_version;
 
 BEGIN {
-    plan tests => 123 + ( UNIVERSAL::can( "Crypt::OpenSSL::RSA", "use_sha512_hash" ) ? 4 * 5 : 0 );
+    plan tests => 124 + ( UNIVERSAL::can( "Crypt::OpenSSL::RSA", "use_sha512_hash" ) ? 4 * 5 : 0 );
 }
 
 sub _Test_Encrypt_And_Decrypt {
@@ -84,12 +84,13 @@ my $rsa_pub = Crypt::OpenSSL::RSA->new_public_key($public_key_string);
 $plaintext .= $plaintext x 5;
 # sslv23 is unsupported on OpenSSL 3.x
 SKIP: {
-    skip "OpenSSL version less than 3.0 supports sslv23", 1
+    skip "OpenSSL version less than 3.0 supports sslv23", 2
         if $major lt '3.0';
     eval {
         $rsa->use_sslv23_padding;
     };
-    ok($@, "Padding method sslv23 unsupported on OpenSSL 3.x");
+    ok($@, "use_sslv23_padding croaks on OpenSSL 3.x");
+    like($@, qr/SSLv23 padding was removed/, "error message explains deprecation");
 }
 
 # pkcs1 is supported (for signatures, not encryption)