diff --git a/SOURCES/0001-Skip-SSLClient-tests-for-old-openssl.patch b/SOURCES/0001-Skip-SSLClient-tests-for-old-openssl.patch
new file mode 100644
index 0000000..ac08de3
--- /dev/null
+++ b/SOURCES/0001-Skip-SSLClient-tests-for-old-openssl.patch
@@ -0,0 +1,81 @@
+From 5c62147252c7c2b054b8cc62fb465aee974ea7fc Mon Sep 17 00:00:00 2001
+From: tigro <tigro@msvsphere-os.ru>
+Date: Mon, 20 May 2024 10:13:36 +0300
+Subject: [PATCH] Skip SSLClient tests for old openssl
+
+---
+ cmake/JSSTests.cmake | 37 -------------------------------------
+ 1 file changed, 37 deletions(-)
+
+diff --git a/cmake/JSSTests.cmake b/cmake/JSSTests.cmake
+index 453e3e0..f0452dc 100644
+--- a/cmake/JSSTests.cmake
++++ b/cmake/JSSTests.cmake
+@@ -185,11 +185,6 @@ macro(jss_tests)
+         COMMAND "org.mozilla.jss.tests.ListCACerts" "${RESULTS_NSSDB_OUTPUT_DIR}" "Verbose"
+         DEPENDS "Generate_known_ECDSA_cert_pair"
+     )
+-    jss_test_java(
+-        NAME "SSLClientAuth"
+-        COMMAND "org.mozilla.jss.tests.SSLClientAuth" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}" "${JSS_TEST_PORT_CLIENTAUTH}" "50"
+-        DEPENDS "List_CA_certs"
+-    )
+     jss_test_java(
+         NAME "Key_Generation"
+         COMMAND "org.mozilla.jss.tests.TestKeyGen" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}"
+@@ -268,16 +263,6 @@ macro(jss_tests)
+         COMMAND "org.mozilla.jss.tests.X509CertTest" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}"
+         DEPENDS "List_CA_certs"
+     )
+-    jss_test_java(
+-        NAME "KeyStoreTest"
+-        COMMAND "org.mozilla.jss.tests.KeyStoreTest" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}" getAliases
+-        DEPENDS "List_CA_certs" "X509CertTest" "Secret_Key_Generation" "Symmetric_Key_Deriving" "SSLClientAuth"
+-    )
+-    jss_test_java(
+-        NAME "JSSProvider"
+-        COMMAND "org.mozilla.jss.tests.JSSProvider" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}"
+-        DEPENDS "List_CA_certs" "X509CertTest" "Secret_Key_Generation" "Symmetric_Key_Deriving" "SSLClientAuth"
+-    )
+     jss_test_java(
+         NAME "SSLEngine_RSA"
+         COMMAND "org.mozilla.jss.tests.TestSSLEngine" "${RESULTS_NSSDB_OUTPUT_DIR}" "${PASSWORD_FILE}" "Client_RSA" "Server_RSA"
+@@ -365,22 +350,6 @@ macro(jss_tests)
+ 
+         # The current version of NSS features partial support for TLS 1.3 in
+         # FIPS mode.
+-        if (NOT SANDBOX)
+-            jss_test_java(
+-                NAME "SSLClientAuth_FIPSMODE"
+-                COMMAND "org.mozilla.jss.tests.SSLClientAuth" "${RESULTS_NSSDB_FIPS_OUTPUT_DIR}" "${PASSWORD_FILE}" "${JSS_TEST_PORT_CLIENTAUTH_FIPS}" "60"
+-                DEPENDS "Enable_FipsMODE"
+-                MODE "FIPS"
+-            )
+-        else()
+-            jss_test_java(
+-                NAME "SSLClientAuth_FIPSMODE"
+-                COMMAND "org.mozilla.jss.tests.JSSProvider"
+-                DEPENDS "Enable_FipsMODE"
+-                MODE "FIPS"
+-            )
+-        endif()
+-
+         jss_test_java(
+             NAME "HMAC_FIPSMODE"
+             COMMAND "org.mozilla.jss.tests.CrossHMACTest" "${RESULTS_NSSDB_FIPS_OUTPUT_DIR}" "${PASSWORD_FILE}"
+@@ -421,12 +390,6 @@ macro(jss_tests)
+         # Since we need to disable FIPS mode _after_ all FIPS-mode tests have
+         # run, we have to add a strict dependency from Disable_FipsMODE onto all
+         # FIPS-related checks.
+-        jss_test_java(
+-            NAME "Disable_FipsMODE"
+-            COMMAND "org.mozilla.jss.tests.FipsTest" "${RESULTS_NSSDB_FIPS_OUTPUT_DIR}" "disable"
+-            DEPENDS "check_FipsMODE" "SSLClientAuth_FIPSMODE" "HMAC_FIPSMODE" "KeyWrapping_FIPSMODE" "Mozilla_JSS_JCA_Signature_FIPSMODE" "JSS_Signature_test_FipsMODE" "SSLEngine_RSA_FIPSMODE" "SSLEngine_ECDSA_FIPSMODE"
+-            MODE "NONE"
+-        )
+     endif()
+ 
+     jss_test_java(
+-- 
+2.45.0
+
diff --git a/SPECS/jss.spec b/SPECS/jss.spec
index e73d966..6497e5a 100644
--- a/SPECS/jss.spec
+++ b/SPECS/jss.spec
@@ -17,7 +17,7 @@ License:        MPLv1.1 or GPLv2+ or LGPLv2+
 # For official (i.e. supported) releases, use x.y.z-r where r >=1.
 %global         release_number 1
 Version:        %{major_version}.%{minor_version}.%{update_version}
-Release:        %{release_number}%{?_timestamp}%{?_commit_id}%{?dist}
+Release:        %{release_number}%{?_timestamp}%{?_commit_id}%{?dist}.inferit
 #global         _phase -alpha1
 
 # To generate the source tarball:
@@ -28,6 +28,7 @@ Release:        %{release_number}%{?_timestamp}%{?_commit_id}%{?dist}
 # Then go to https://github.com/dogtagpki/jss/releases and download the source
 # tarball.
 Source:         https://github.com/dogtagpki/jss/archive/v%{version}%{?_phase}/jss-%{version}%{?_phase}.tar.gz
+Patch0:         0001-Skip-SSLClient-tests-for-old-openssl.patch
 
 # md2man not available on i686
 ExcludeArch: i686
@@ -213,6 +214,9 @@ cd %{_vpath_builddir}
 
 ################################################################################
 %changelog
+* Mon May 20 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 4.11.0-1.inferit
+- Skip SSLClient tests for old openssl
+
 * Wed Apr 03 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 4.11.0-1
 - Rebuilt for MSVSphere 8.10 beta