diff --git a/el9/Dockerfile b/el9/Dockerfile
index 6c0d51e..c0e1ccf 100644
--- a/el9/Dockerfile
+++ b/el9/Dockerfile
@@ -3,37 +3,33 @@ FROM ${BUILD_FROM}
 
 RUN dnf -y update && dnf -y groupinstall development
 RUN dnf -y install \
+    cyrus-sasl \
+    cyrus-sasl-devel \
+    cyrus-sasl-gssapi \
+    expect \
     jq \
+    krb5-devel \
+    krb5-server \
+    krb5-workstation \
     libatomic \
     ncurses-devel \
     openssl-devel \
     perl-FindBin \
-    python3-pip \
     procps-ng \
+    python3-pip \
     systemd \
     vim \
     wget \
     which
 
-RUN dnf -y install \
-    krb5-workstation \
-    krb5-devel \
-    cyrus-sasl-devel \
-    cyrus-sasl \
-    cyrus-sasl-gssapi
-
-# The following is not necessary for Kerberos authentication but makes testing
-# https://github.com/kafka4beam/sasl_auth easier
-RUN dnf -y install \
-    krb5-server \
-    expect
-
 RUN ln -s /usr/bin/python3 /usr/bin/python
 
 WORKDIR /
 
-COPY get-cmake.sh /get-cmake.sh
-RUN /get-cmake.sh build
+COPY el9/openssl11.sh get-cmake.sh /
+
+RUN /openssl11.sh && rm /openssl11.sh
+RUN /get-cmake.sh build && rm /get-cmake.sh
 
 RUN wget ftp://ftp.unixodbc.org/pub/unixODBC/unixODBC-2.3.11.tar.gz && \
     tar xzf unixODBC-2.3.11.tar.gz && \
diff --git a/el9/openssl11.sh b/el9/openssl11.sh
new file mode 100755
index 0000000..23b8ef6
--- /dev/null
+++ b/el9/openssl11.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -eux
+
+dnf install -y make gcc perl-core pcre-devel wget zlib-devel
+wget https://github.com/openssl/openssl/releases/download/OpenSSL_1_1_1w/openssl-1.1.1w.tar.gz
+echo 'cf3098950cb4d853ad95c0841f1f9c6d3dc102dccfcacd521d93925208b76ac8 *openssl-1.1.1w.tar.gz' | sha256sum -c
+tar xfz openssl-1.1.1w.tar.gz
+cd openssl-1.1.1w
+mkdir /usr/local/openssl-1.1.1
+./config --prefix=/usr/local/openssl-1.1.1 --openssldir=/usr/local/openssl-1.1.1 --libdir=lib zlib-dynamic
+make -j$(nproc)
+make install
+ln -s /usr/local/openssl-1.1.1/lib/libssl.so /usr/lib64/libssl.so.1.1
+ln -s /usr/local/openssl-1.1.1/lib/libcrypto.so /usr/lib64/libcrypto.so.1.1
+
+chmod -R 755 /usr/lib64/libssl.so.1.1
+chmod -R 755 /usr/lib64/libcrypto.so.1.1
+
+ldconfig
diff --git a/get-otp.sh b/get-otp.sh
index e1845cf..74bfdc3 100755
--- a/get-otp.sh
+++ b/get-otp.sh
@@ -43,6 +43,12 @@ case "$(uname -m):${OTP_VERSION}" in
         # ARM64 as a workaround while investigating the root cause.
         extra_config="${extra_config} --disable-jit"
         ;;
+    *:24*)
+        # OTP 24 does not play well with OpenSSL 3 which is installed by default on newer platforms
+        if [ -d /usr/local/openssl-1.1.1 ]; then
+            extra_config="--with-ssl=/usr/local/openssl-1.1.1"
+        fi
+        ;;
     *)
         ;;
 esac