diff --git a/include/openssl/bio.h b/include/openssl/bio.h
index 707a4b155..17d47fc17 100644
--- a/include/openssl/bio.h
+++ b/include/openssl/bio.h
@@ -431,12 +431,14 @@ OPENSSL_EXPORT int BIO_set_mem_eof_return(BIO *bio, int eof_value);
 // |BIO_reset| attempts to seek the file pointer to the start of file using
 // |lseek|.
 
+#if !defined(OPENSSL_NO_POSIX_IO)
 // BIO_s_fd returns a |BIO_METHOD| for file descriptor fds.
 OPENSSL_EXPORT const BIO_METHOD *BIO_s_fd(void);
 
 // BIO_new_fd creates a new file descriptor BIO wrapping |fd|. If |close_flag|
 // is non-zero, then |fd| will be closed when the BIO is.
 OPENSSL_EXPORT BIO *BIO_new_fd(int fd, int close_flag);
+#endif
 
 // BIO_set_fd sets the file descriptor of |bio| to |fd|. If |close_flag| is
 // non-zero then |fd| will be closed when |bio| is. It returns one on success
@@ -540,12 +542,14 @@ OPENSSL_EXPORT long BIO_seek(BIO *bio, long offset);
 // TODO(davidben): Add separate APIs and fix the internals to use |SOCKET|s
 // around rather than rely on int casts.
 
+#if !defined(OPENSSL_NO_SOCK)
 OPENSSL_EXPORT const BIO_METHOD *BIO_s_socket(void);
 
 // BIO_new_socket allocates and initialises a fresh BIO which will read and
 // write to the socket |fd|. If |close_flag| is |BIO_CLOSE| then closing the
 // BIO will close |fd|. It returns the fresh |BIO| or NULL on error.
 OPENSSL_EXPORT BIO *BIO_new_socket(int fd, int close_flag);
+#endif  // !OPENSSL_NO_SOCK
 
 
 // Connect BIOs.
@@ -553,6 +557,7 @@ OPENSSL_EXPORT BIO *BIO_new_socket(int fd, int close_flag);
 // A connection BIO creates a network connection and transfers data over the
 // resulting socket.
 
+#if !defined(OPENSSL_NO_SOCK)
 OPENSSL_EXPORT const BIO_METHOD *BIO_s_connect(void);
 
 // BIO_new_connect returns a BIO that connects to the given hostname and port.
@@ -580,12 +585,17 @@ OPENSSL_EXPORT int BIO_set_conn_port(BIO *bio, const char *port_str);
 OPENSSL_EXPORT int BIO_set_conn_int_port(BIO *bio, const int *port);
 
 // BIO_set_nbio sets whether |bio| will use non-blocking I/O operations. It
-// returns one on success and zero otherwise.
+// returns one on success and zero otherwise. This only works for connect BIOs
+// and must be called before |bio| is connected to take effect.
+//
+// For socket and fd BIOs, callers must configure blocking vs. non-blocking I/O
+// using the underlying platform APIs.
 OPENSSL_EXPORT int BIO_set_nbio(BIO *bio, int on);
 
 // BIO_do_connect connects |bio| if it has not been connected yet. It returns
 // one on success and <= 0 otherwise.
 OPENSSL_EXPORT int BIO_do_connect(BIO *bio);
+#endif  // !OPENSSL_NO_SOCK
 
 
 // Datagram BIOs.
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 6f35e6bce..995d05e8c 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -303,6 +303,7 @@ OPENSSL_EXPORT int SSL_get_rfd(const SSL *ssl);
 // socket |BIO|.
 OPENSSL_EXPORT int SSL_get_wfd(const SSL *ssl);
 
+#if !defined(OPENSSL_NO_SOCK)
 // SSL_set_fd configures |ssl| to read from and write to |fd|. It returns one
 // on success and zero on allocation error. The caller retains ownership of
 // |fd|.
@@ -321,6 +322,7 @@ OPENSSL_EXPORT int SSL_set_rfd(SSL *ssl, int fd);
 //
 // On Windows, |fd| is cast to a |SOCKET| and used with Winsock APIs.
 OPENSSL_EXPORT int SSL_set_wfd(SSL *ssl, int fd);
+#endif  // !OPENSSL_NO_SOCK
 
 // SSL_do_handshake continues the current handshake. If there is none or the
 // handshake has completed or False Started, it returns one. Otherwise, it
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 26ffd5036..5a2ac2a8f 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -1595,6 +1595,7 @@ int SSL_get_wfd(const SSL *ssl) {
   return ret;
 }
 
+#if !defined(OPENSSL_NO_SOCK)
 int SSL_set_fd(SSL *ssl, int fd) {
   BIO *bio = BIO_new(BIO_s_socket());
   if (bio == NULL) {
@@ -1644,6 +1645,7 @@ int SSL_set_rfd(SSL *ssl, int fd) {
   }
   return 1;
 }
+#endif  // !OPENSSL_NO_SOCK
 
 static size_t copy_finished(void *out, size_t out_len, const uint8_t *in,
                             size_t in_len) {