diff --git a/ssl/internal.h b/ssl/internal.h
index 9efc2925..3bcf0e7e 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -1988,11 +1988,6 @@ struct SSLContext {
 uint8_t *psk, unsigned int max_psk_len);
 
- // retain_only_sha256_of_client_certs is true if we should compute the SHA256
- // hash of the peer's certificate and then discard it to save memory and
- // session space. Only effective on the server side.
- char retain_only_sha256_of_client_certs;
-
 // Next protocol negotiation information
 // (for experimental NPN extension).
@@ -2059,32 +2054,37 @@ struct SSLContext {
 uint16_t *verify_sigalgs;
 size_t num_verify_sigalgs;
 
+ // retain_only_sha256_of_client_certs is true if we should compute the SHA256
+ // hash of the peer's certificate and then discard it to save memory and
+ // session space. Only effective on the server side.
+ bool retain_only_sha256_of_client_certs:1;
+
 // quiet_shutdown is true if the connection should not send a close_notify on
 // shutdown.
- unsigned quiet_shutdown:1;
+ bool quiet_shutdown:1;
 
 // ocsp_stapling_enabled is only used by client connections and indicates
 // whether OCSP stapling will be requested.
- unsigned ocsp_stapling_enabled:1;
+ bool ocsp_stapling_enabled:1;
 
 // If true, a client will request certificate timestamps.
- unsigned signed_cert_timestamps_enabled:1;
+ bool signed_cert_timestamps_enabled:1;
 
 // tlsext_channel_id_enabled is one if Channel ID is enabled and zero
 // otherwise. For a server, means that we'll accept Channel IDs from clients.
 // For a client, means that we'll advertise support.
- unsigned tlsext_channel_id_enabled:1;
+ bool tlsext_channel_id_enabled:1;
 
 // grease_enabled is one if draft-davidben-tls-grease-01 is enabled and zero
 // otherwise.
- unsigned grease_enabled:1;
+ bool grease_enabled:1;
 
 // allow_unknown_alpn_protos is one if the client allows unsolicited ALPN
 // protocols from the peer.
- unsigned allow_unknown_alpn_protos:1;
+ bool allow_unknown_alpn_protos:1;
 
 // ed25519_enabled is one if Ed25519 is advertised in the handshake.
- unsigned ed25519_enabled:1;
+ bool ed25519_enabled:1;
 };
 
 struct SSL3_RECORD {
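Review bot: Four comments in this hunk still describe the flags as integers while the fields they document are now `bool` — `tlsext_channel_id_enabled is one if Channel ID is enabled and zero otherwise`, `grease_enabled is one if ... and zero otherwise`, `allow_unknown_alpn_protos is one if ...`, and `ed25519_enabled is one if ...`. Rewording each to `is true if ... and false otherwise` would match the `quiet_shutdown` and `retain_only_sha256_of_client_certs` comments in the same struct and keep the documentation consistent with the type change the commit makes. The same "one if" wording may survive elsewhere in the file outside this hunk; worth a grep before landing.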
@@ -2529,31 +2529,31 @@ struct SSLConnection {
 // server is true iff the this SSL* is the server half. Note: before the SSL*
 // is initialized by either SSL_set_accept_state or SSL_set_connect_state,
 // the side is not determined. In this state, server is always false.
- unsigned server:1;
+ bool server:1;
 
 // quiet_shutdown is true if the connection should not send a close_notify on
 // shutdown.
- unsigned quiet_shutdown:1;
+ bool quiet_shutdown:1;
 
 // Enable signed certificate time stamps. Currently client only.
- unsigned signed_cert_timestamps_enabled:1;
+ bool signed_cert_timestamps_enabled:1;
 
 // ocsp_stapling_enabled is only used by client connections and indicates
 // whether OCSP stapling will be requested.
- unsigned ocsp_stapling_enabled:1;
+ bool ocsp_stapling_enabled:1;
 
 // tlsext_channel_id_enabled is copied from the |SSL_CTX|. For a server,
 // means that we'll accept Channel IDs from clients. For a client, means that
 // we'll advertise support.
- unsigned tlsext_channel_id_enabled:1;
+ bool tlsext_channel_id_enabled:1;
 
 // retain_only_sha256_of_client_certs is true if we should compute the SHA256
 // hash of the peer's certificate and then discard it to save memory and
 // session space. Only effective on the server side.
- unsigned retain_only_sha256_of_client_certs:1;
+ bool retain_only_sha256_of_client_certs:1;
 
 // early_data_accepted is true if early data was accepted by the server.
- unsigned early_data_accepted:1;
+ bool early_data_accepted:1;
 };
 
 // From draft-ietf-tls-tls13-18, used in determining PSK modes.
diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc
index 528263d7..1fed95c5 100644
--- a/ssl/ssl_lib.cc
+++ b/ssl/ssl_lib.cc
@@ -744,12 +744,12 @@ void SSL_free(SSL *ssl) {
 }
 
 void SSL_set_connect_state(SSL *ssl) {
- ssl->server = 0;
+ ssl->server = false;
 ssl->do_handshake = ssl_client_handshake;
 }
 
 void SSL_set_accept_state(SSL *ssl) {
- ssl->server = 1;
+ ssl->server = true;
 ssl->do_handshake = ssl_server_handshake;
 }
 
@@ -1795,19 +1795,19 @@ void SSL_set_custom_verify(
 }
 
 void SSL_CTX_enable_signed_cert_timestamps(SSL_CTX *ctx) {
- ctx->signed_cert_timestamps_enabled = 1;
+ ctx->signed_cert_timestamps_enabled = true;
 }
 
 void SSL_enable_signed_cert_timestamps(SSL *ssl) {
- ssl->signed_cert_timestamps_enabled = 1;
+ ssl->signed_cert_timestamps_enabled = true;
 }
 
 void SSL_CTX_enable_ocsp_stapling(SSL_CTX *ctx) {
- ctx->ocsp_stapling_enabled = 1;
+ ctx->ocsp_stapling_enabled = true;
 }
 
 void SSL_enable_ocsp_stapling(SSL *ssl) {
- ssl->ocsp_stapling_enabled = 1;
+ ssl->ocsp_stapling_enabled = true;
 }
 
 void SSL_get0_signed_cert_timestamp_list(const SSL *ssl, const uint8_t **out,
@@ -2004,7 +2004,7 @@ int SSL_CTX_set1_tls_channel_id(SSL_CTX *ctx, EVP_PKEY *private_key) {
 EVP_PKEY_free(ctx->tlsext_channel_id_private);
 EVP_PKEY_up_ref(private_key);
 ctx->tlsext_channel_id_private = private_key;
- ctx->tlsext_channel_id_enabled = 1;
+ ctx->tlsext_channel_id_enabled = true;
 return 1;
 }
 
@@ -2018,7 +2018,7 @@ int SSL_set1_tls_channel_id(SSL *ssl, EVP_PKEY *private_key) {
 EVP_PKEY_free(ssl->tlsext_channel_id_private);
 EVP_PKEY_up_ref(private_key);
 ssl->tlsext_channel_id_private = private_key;
- ssl->tlsext_channel_id_enabled = 1;
+ ssl->tlsext_channel_id_enabled = true;
 return 1;
 }
 
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index 9c4231d4..a0cca3ce 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc
@@ -2033,7 +2033,7 @@ static int ext_early_data_parse_serverhello(SSL_HANDSHAKE *hs,
 return 0;
 }
 
- ssl->early_data_accepted = 1;
+ ssl->early_data_accepted = true;
 return 1;
 }
 
diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc
index 9fe2d5d0..e372a0de 100644
--- a/ssl/tls13_server.cc
+++ b/ssl/tls13_server.cc
@@ -384,7 +384,7 @@ static enum ssl_hs_wait_t do_select_session(SSL_HANDSHAKE *hs) {
 ssl->s3->alpn_selected_len == session->early_alpn_len &&
 OPENSSL_memcmp(ssl->s3->alpn_selected, session->early_alpn,
 ssl->s3->alpn_selected_len) == 0) {
- ssl->early_data_accepted = 1;
+ ssl->early_data_accepted = true;
 }
 
 if (hs->new_session == NULL) {
@@ -452,7 +452,7 @@ static enum ssl_hs_wait_t do_select_session(SSL_HANDSHAKE *hs) {
 bool need_retry;
 if (!resolve_ecdhe_secret(hs, &need_retry, &client_hello)) {
 if (need_retry) {
- ssl->early_data_accepted = 0;
+ ssl->early_data_accepted = false;
 ssl->s3->skip_early_data = true;
 ssl->method->next_message(ssl);
 hs->tls13_state = state_send_hello_retry_request;