diff --git a/0134-engine-based-ECDHE-kex.patch b/0134-engine-based-ECDHE-kex.patch
new file mode 100644
index 0000000..fee56f7
--- /dev/null
+++ b/0134-engine-based-ECDHE-kex.patch
@@ -0,0 +1,47 @@
+diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
+index 448a3c3043c1c..9010fa6c4638c 100644
+--- a/crypto/evp/ctrl_params_translate.c
++++ b/crypto/evp/ctrl_params_translate.c
+@@ -1134,6 +1134,7 @@ static int fix_ec_paramgen_curve_nid(enum state state,
+                                      const struct translation_st *translation,
+                                      struct translation_ctx_st *ctx)
+ {
++    char *p2 = NULL;
+     int ret;
+ 
+     if ((ret = default_check(state, translation, ctx)) <= 0)
+@@ -1146,13 +1147,25 @@ static int fix_ec_paramgen_curve_nid(enum state state,
+     if (state == PRE_CTRL_TO_PARAMS) {
+         ctx->p2 = (char *)OBJ_nid2sn(ctx->p1);
+         ctx->p1 = 0;
++    } else if (state == PRE_PARAMS_TO_CTRL) {
++        /*
++         * We're translating from params to ctrl and setting the curve name.
++         * The ctrl function needs it to be a NID, but meanwhile, we need
++         * space to get the curve name from the param.  |ctx->name_buf| is
++         * sufficient for that.
++         * The double indirection is necessary for default_fixup_args()'s
++         * call of OSSL_PARAM_get_utf8_string() to be done correctly.
++         */
++        p2 = ctx->name_buf;
++        ctx->p2 = &p2;
++        ctx->sz = sizeof(ctx->name_buf);
+     }
+ 
+     if ((ret = default_fixup_args(state, translation, ctx)) <= 0)
+         return ret;
+ 
+     if (state == PRE_PARAMS_TO_CTRL) {
+-        ctx->p1 = OBJ_sn2nid(ctx->p2);
++        ctx->p1 = OBJ_sn2nid(p2);
+         ctx->p2 = NULL;
+     }
+ 
+@@ -2789,6 +2802,7 @@ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx,
+             if (translation->fixup_args != NULL)
+                 fixup = translation->fixup_args;
+             ctx.action_type = translation->action_type;
++            ctx.ctrl_cmd = translation->ctrl_num;
+         }
+         ctx.pctx = pctx;
+         ctx.params = params;
diff --git a/openssl.spec b/openssl.spec
index df98386..ec1af2e 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -210,6 +210,8 @@ Patch131: 0131-sslgroups-memleak.patch
 Patch132: 0132-CVE-2023-6129.patch
 # https://github.com/openssl/openssl/commit/18c02492138d1eb8b6548cb26e7b625fb2414a2a
 Patch133: 0133-CVE-2023-6237.patch
+# https://github.com/openssl/openssl/pull/20780
+Patch134: 0134-engine-based-ECDHE-kex.patch
 
 License: ASL 2.0
 URL: http://www.openssl.org/
@@ -550,6 +552,8 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
   Resolves: RHEL-21151
 - Excessive time spent checking invalid RSA public keys (CVE-2023-6237)
   Resolves: RHEL-21654
+- SSL ECDHE Kex fails when pkcs11 engine is set in config file
+  Resolves: RHEL-20249
 
 * Mon Oct 16 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.7-25
 - Provide relevant diagnostics when FIPS checksum is corrupted