diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0643180cf..bb1d1c567 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ _Code:_
 - **Core**
 
   - Include embedded BoringSSL into Soter for convenience ([#681](https://github.com/cossacklabs/themis/pull/681)).
+  - `make deb` and `make rpm` with `ENGINE=boringssl` will now produce `libthemis-boringssl` packages with embedded BoringSSL ([#683](https://github.com/cossacklabs/themis/pull/683)).
 
 - **Android**
 
@@ -22,6 +23,10 @@ _Code:_
 
   - Minor dependency updates making the world a better place ([#680](https://github.com/cossacklabs/themis/pull/680)).
 
+- **PHP**
+
+  - `libphpthemis` packages for Debian/Ubuntu now have accurate dependencies ([#683](https://github.com/cossacklabs/themis/pull/683)).
+
 - **WebAssembly**
 
   - Minor dependency updates making the world a better place ([#680](https://github.com/cossacklabs/themis/pull/680)).
@@ -31,6 +36,7 @@ _Infrastructure:_
 - Improved package split making `libthemis` thinner ([#678](https://github.com/cossacklabs/themis/pull/678)).
 - Optimized dependencies of `libthemis` DEB and RPM packages ([#682](https://github.com/cossacklabs/themis/pull/682)).
 - AndroidThemis is now available on JCenter ([#679](https://github.com/cossacklabs/themis/pull/679)).
+- `make deb` and `make rpm` with `ENGINE=boringssl` will now produce `libthemis-boringssl` packages with embedded BoringSSL ([#683](https://github.com/cossacklabs/themis/pull/683)).
 
 ## [0.13.0](https://github.com/cossacklabs/themis/releases/tag/0.13.0), July 8th 2020
 
diff --git a/Makefile b/Makefile
index d95eb5008..347d48e01 100644
--- a/Makefile
+++ b/Makefile
@@ -604,26 +604,44 @@ endif
 # Packaging Themis Core: Linux distributions
 #
 
+ifeq ($(ENGINE),boringssl)
+ifeq ($(CRYPTO_ENGINE_LIB_PATH),)
+PACKAGE_EMBEDDED_BORINGSSL := yes
+endif
+endif
+
 COSSACKLABS_URL = https://www.cossacklabs.com
 MAINTAINER = "Cossack Labs Limited <dev@cossacklabs.com>"
 LICENSE_NAME = "Apache License Version 2.0"
 
 DEB_CODENAME := $(shell lsb_release -cs 2> /dev/null)
 DEB_ARCHITECTURE = `dpkg --print-architecture 2>/dev/null`
+ifneq ($(PACKAGE_EMBEDDED_BORINGSSL),yes)
 # If we were using native Debian packaging, dpkg-shlibdeps could supply us with
 # accurate dependency information. However, we build packages manually, so we
 # use dependencies of "libssl-dev" as a proxy. Typically this is "libssl1.1".
 DEB_DEPENDENCIES += --depends $(shell apt-cache depends libssl-dev | grep 'Depends:' | cut -d: -f 2- | tr -d ' ')
+endif
+DEB_DEPENDENCIES += --conflicts $(OTHER_PACKAGE_NAME)
 DEB_DEPENDENCIES_DEV += --depends "$(PACKAGE_NAME) = $(VERSION)+$(OS_CODENAME)"
+ifneq ($(PACKAGE_EMBEDDED_BORINGSSL),yes)
 DEB_DEPENDENCIES_DEV += --depends libssl-dev
-DEB_DEPENDENCIES_THEMISPP = --depends "$(DEB_DEV_PACKAGE_NAME) = $(VERSION)+$(OS_CODENAME)"
-DEB_DEPENDENCIES_JNI += --depends "$(PACKAGE_NAME) >= $(VERSION)+$(OS_CODENAME)"
+endif
+DEB_DEPENDENCIES_DEV += --conflicts $(OTHER_DEB_DEV_PACKAGE_NAME)
+DEB_DEPENDENCIES_THEMISPP = --depends "$(DEB_DEV_PACKAGE_NAME) (= $(VERSION)+$(OS_CODENAME)) | $(OTHER_DEB_DEV_PACKAGE_NAME) (= $(VERSION)+$(OS_CODENAME))"
+DEB_DEPENDENCIES_JNI += --depends "$(PACKAGE_NAME) (>= $(VERSION)+$(OS_CODENAME)) | $(OTHER_PACKAGE_NAME) >= ($(VERSION)+$(OS_CODENAME))"
 
+ifneq ($(PACKAGE_EMBEDDED_BORINGSSL),yes)
 RPM_DEPENDENCIES += --depends openssl-libs
+endif
+RPM_DEPENDENCIES += --conflicts $(OTHER_PACKAGE_NAME)
 RPM_DEPENDENCIES_DEV += --depends "$(PACKAGE_NAME) = $(RPM_VERSION)-$(RPM_RELEASE_NUM)"
+ifneq ($(PACKAGE_EMBEDDED_BORINGSSL),yes)
 RPM_DEPENDENCIES_DEV += --depends openssl-devel
-RPM_DEPENDENCIES_THEMISPP = --depends "$(RPM_DEV_PACKAGE_NAME) = $(RPM_VERSION)-$(RPM_RELEASE_NUM)"
-RPM_DEPENDENCIES_JNI += --depends "$(PACKAGE_NAME) >= $(RPM_VERSION)-$(RPM_RELEASE_NUM)"
+endif
+RPM_DEPENDENCIES_DEV += --conflicts $(OTHER_RPM_DEV_PACKAGE_NAME)
+RPM_DEPENDENCIES_THEMISPP = --depends "($(RPM_DEV_PACKAGE_NAME) = $(RPM_VERSION)-$(RPM_RELEASE_NUM) or $(OTHER_RPM_DEV_PACKAGE_NAME) = $(RPM_VERSION)-$(RPM_RELEASE_NUM))"
+RPM_DEPENDENCIES_JNI += --depends "($(PACKAGE_NAME) >= $(RPM_VERSION)-$(RPM_RELEASE_NUM) or $(OTHER_PACKAGE_NAME) >= $(RPM_VERSION)-$(RPM_RELEASE_NUM))"
 RPM_RELEASE_NUM = 1
 
 OS_NAME := $(shell lsb_release -is 2>/dev/null || printf 'unknown')
@@ -641,13 +659,26 @@ else ifeq ($(OS_NAME),$(filter $(OS_NAME),RedHatEnterpriseServer CentOS))
 	RPM_LIBDIR := /$(shell [ $$(arch) == "x86_64" ] && echo "lib64" || echo "lib")
 endif
 
-PACKAGE_NAME = libthemis
-DEB_DEV_PACKAGE_NAME = libthemis-dev
-RPM_DEV_PACKAGE_NAME = libthemis-devel
+ifeq ($(PACKAGE_EMBEDDED_BORINGSSL),yes)
+PACKAGE_SUFFIX = -boringssl
+endif
+PACKAGE_NAME = libthemis$(PACKAGE_SUFFIX)
+DEB_DEV_PACKAGE_NAME = $(PACKAGE_NAME)-dev
+RPM_DEV_PACKAGE_NAME = $(PACKAGE_NAME)-devel
 DEB_THEMISPP_PACKAGE_NAME = libthemispp-dev
 RPM_THEMISPP_PACKAGE_NAME = libthemispp-devel
 JNI_PACKAGE_NAME = libthemis-jni
 
+ifeq ($(PACKAGE_EMBEDDED_BORINGSSL),yes)
+OTHER_PACKAGE_NAME = libthemis
+OTHER_DEB_DEV_PACKAGE_NAME = libthemis-dev
+OTHER_RPM_DEV_PACKAGE_NAME = libthemis-devel
+else
+OTHER_PACKAGE_NAME = libthemis-boringssl
+OTHER_DEB_DEV_PACKAGE_NAME = libthemis-boringssl-dev
+OTHER_RPM_DEV_PACKAGE_NAME = libthemis-boringssl-devel
+endif
+
 PACKAGE_CATEGORY = security
 SHORT_DESCRIPTION = Data security library for network communication and data storage
 RPM_SUMMARY = Data security library for network communication and data storage. \
@@ -883,10 +914,11 @@ pkginfo:
 
 PHP_VERSION_FULL:=$(shell php -r "echo PHP_MAJOR_VERSION.'.'.PHP_MINOR_VERSION;" 2>/dev/null)
 ifeq ($(OS_CODENAME),jessie)
-    PHP_DEPENDENCIES:=php5
+    PHP_DEPENDENCIES += --depends php5
 else
-    PHP_DEPENDENCIES:=php$(PHP_VERSION_FULL)
+    PHP_DEPENDENCIES += --depends php$(PHP_VERSION_FULL)
 endif
+PHP_DEPENDENCIES += --depends "$(PACKAGE_NAME) (>= $(VERSION)+$(OS_CODENAME)) | $(OTHER_PACKAGE_NAME) (>= $(VERSION)+$(OS_CODENAME))"
 
 PHP_PACKAGE_NAME:=libphpthemis-php$(PHP_VERSION_FULL)
 PHP_POST_INSTALL_SCRIPT:=./scripts/phpthemis_postinstall.sh
@@ -906,7 +938,7 @@ deb_php:
 		 --package $(BIN_PATH)/deb/$(PHP_PACKAGE_NAME)_$(NAME_SUFFIX) \
 		 --architecture $(DEB_ARCHITECTURE) \
 		 --version $(VERSION)+$(OS_CODENAME) \
-		 --depends "$(PHP_DEPENDENCIES)" \
+		 $(PHP_DEPENDENCIES) \
 		 --deb-priority optional \
 		 --after-install $(PHP_POST_INSTALL_SCRIPT) \
 		 --before-remove $(PHP_PRE_UNINSTALL_SCRIPT) \