diff --git a/0086-avoid-bio-memleak.patch b/0086-avoid-bio-memleak.patch
new file mode 100644
index 0000000..865cd98
--- /dev/null
+++ b/0086-avoid-bio-memleak.patch
@@ -0,0 +1,48 @@
+From 3d046c4d047a55123beeceffe9f8bae09159445e Mon Sep 17 00:00:00 2001
+From: yangyangtiantianlonglong
+Date: Wed, 19 Jan 2022 11:19:52 +0800
+Subject: [PATCH] Fix the same BIO_FLAGS macro definition
+
+Also add comment to the public header to avoid
+making another conflict in future.
+
+Fixes #17545
+
+Reviewed-by: Paul Dale
+Reviewed-by: Tomas Mraz
+(Merged from https://github.com/openssl/openssl/pull/17546)
+
+(cherry picked from commit e278f18563dd3dd67c00200ee30402f48023c6ef)
+---
+ include/internal/bio.h | 2 +-
+ include/openssl/bio.h.in | 2 ++
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/include/internal/bio.h b/include/internal/bio.h
+index 2d36a7b980f2..02f7222ab4f1 100644
+--- a/include/internal/bio.h
++++ b/include/internal/bio.h
+@@ -48,9 +48,9 @@ int bread_conv(BIO *bio, char *data, size_t datal, size_t *read);
+ * BIO_FLAGS_KTLS_TX_CTRL_MSG means we are about to send a ctrl message next.
+ * BIO_FLAGS_KTLS_RX means we are using ktls with this BIO for receiving.
+ */
+-# define BIO_FLAGS_KTLS_TX 0x800
+ # define BIO_FLAGS_KTLS_TX_CTRL_MSG 0x1000
+ # define BIO_FLAGS_KTLS_RX 0x2000
++# define BIO_FLAGS_KTLS_TX 0x4000
+
+ /* KTLS related controls and flags */
+ # define BIO_set_ktls_flag(b, is_tx) \
+diff --git a/include/openssl/bio.h.in b/include/openssl/bio.h.in
+index 2c65b7e1a79b..686dad3099b7 100644
+--- a/include/openssl/bio.h.in
++++ b/include/openssl/bio.h.in
+@@ -209,6 +209,8 @@ extern "C" {
+ # define BIO_FLAGS_NONCLEAR_RST 0x400
+ # define BIO_FLAGS_IN_EOF 0x800
+
++/* the BIO FLAGS values 0x1000 to 0x4000 are reserved for internal KTLS flags */
++
+ typedef union bio_addr_st BIO_ADDR;
+ typedef struct bio_addrinfo_st BIO_ADDRINFO;
+
diff --git a/openssl.spec b/openssl.spec
index 1920921..6a74150 100644
--- a/openssl.spec
+++ b/openssl.spec
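Review bot: The reservation added to include/openssl/bio.h.in is only a comment, so nothing stops a later public flag from being given 0x1000, 0x2000 or 0x4000 and repeating the overlap this patch removes (BIO_FLAGS_KTLS_TX had the same value, 0x800, as the public BIO_FLAGS_IN_EOF). A compile-time check in a source file that includes both headers would make the rule enforceable, for example `# if (BIO_FLAGS_KTLS_TX | BIO_FLAGS_KTLS_TX_CTRL_MSG | BIO_FLAGS_KTLS_RX) & (BIO_FLAGS_NONCLEAR_RST | BIO_FLAGS_IN_EOF)` followed by `#  error "internal KTLS BIO flags overlap public BIO_FLAGS_*"` and `# endif`, extended to the full public flag list, which lies outside this hunk. The comment itself would read more precisely as `/* BIO_FLAGS_* values 0x1000 to 0x4000 are reserved for the internal KTLS flags in include/internal/bio.h */`.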
@@ -166,6 +166,8 @@ Patch78: 0078-Add-FIPS-indicator-parameter-to-HKDF.patch
 Patch79: 0079-CVE-2022-3602.patch
 #https://bugzilla.redhat.com/show_bug.cgi?id=2142121
 Patch85: 0085-FIPS-RSA-disable-shake.patch
+#https://github.com/openssl/openssl/pull/17546
+Patch86: 0086-avoid-bio-memleak.patch

 License: ASL 2.0
 URL: http://www.openssl.org/
@@ -499,6 +501,8 @@ install -m644 %{SOURCE9} \
 * Mon Nov 14 2022 Dmitry Belyavskiy - 1:3.0.1-44
 - SHAKE-128/256 are not allowed with RSA in FIPS mode
 Resolves: rhbz#2144010
+- Avoid memory leaks in TLS
+ Resolves: rhbz#2144008

 * Tue Nov 01 2022 Dmitry Belyavskiy - 1:3.0.1-43
 - CVE-2022-3602: X.509 Email Address Buffer Overflow
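Review bot: The patch added as Patch86 is named 0086-avoid-bio-memleak.patch and the changelog entry reads "Avoid memory leaks in TLS", but the patch's own subject is "Fix the same BIO_FLAGS macro definition" and its content only renumbers BIO_FLAGS_KTLS_TX, so the spec never states how the two relate. Presumably the leak tracked in rhbz#2144008 is a consequence of the flag overlap; if so, a second comment line above Patch86 would make that traceable for anyone auditing the package later, e.g. `# BIO_FLAGS_KTLS_TX shared 0x800 with BIO_FLAGS_IN_EOF (upstream issue #17545)`.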