diff --git a/.github/docker_images/aws-lc/ubuntu/Dockerfile.2404 b/.github/docker_images/aws-lc/ubuntu/Dockerfile.2404 index 795154ff215..9a70e78a8de 100644 --- a/.github/docker_images/aws-lc/ubuntu/Dockerfile.2404 +++ b/.github/docker_images/aws-lc/ubuntu/Dockerfile.2404 @@ -18,7 +18,11 @@ apt-get -y --no-install-recommends install \ cmake \ curl \ git \ + libffi-dev \ + libgmp-dev \ + libssl-dev \ libunwind-dev \ + libyaml-dev \ lld \ llvm \ llvm-dev \ @@ -27,7 +31,8 @@ apt-get -y --no-install-recommends install \ pkg-config \ software-properties-common \ unzip \ - wget + wget \ + zlib1g-dev apt-get autoremove --purge -y apt-get clean apt-get autoclean @@ -63,4 +68,14 @@ setup_script="/tmp/setup-go-compiler.sh" ${setup_script} EOF +# Install Ruby +ENV RBENV_ROOT="/.rbenv" +ENV PATH="${RBENV_ROOT}/shims:${RBENV_ROOT}/bin:$PATH" + +COPY --from=scripts setup-ruby.sh /tmp +RUN <= 3) || defined(LIBRESSL_VERSION_NUMBER) +#if (defined(OPENSSL_VERSION_MAJOR) && OPENSSL_VERSION_MAJOR >= 3) || defined(LIBRESSL_VERSION_NUMBER) || defined(OPENSSL_IS_AWSLC) rb_raise(rb_eNotImpError, "calling #mul with arrays is not" \ "supported by this OpenSSL version"); #else -diff --git ruby/ext/openssl/ossl_ssl.c ruby/ext/openssl/ossl_ssl.c -index f639926..4c74476 100644 ---- ruby/ext/openssl/ossl_ssl.c -+++ ruby/ext/openssl/ossl_ssl.c +diff --git a/ext/openssl/ossl_ssl.c b/ext/openssl/ossl_ssl.c +index 236d455..79ba682 100644 +--- a/ext/openssl/ossl_ssl.c ++++ b/ext/openssl/ossl_ssl.c @@ -821,7 +821,9 @@ ossl_sslctx_setup(VALUE self) #endif 
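Review bot: Adding `libssl-dev` in the first Dockerfile.2404 hunk puts the distribution's OpenSSL headers and libraries on the default search path of an image whose purpose is to test against AWS-LC. A Ruby build whose `--with-openssl-dir` is mis-set could then link the system library and still go green. If the package is only needed to build the rbenv-installed Ruby, say so above the install command, e.g. `# libssl-dev: only for building the rbenv Ruby, not the Ruby under test`. The integration script should also assert that the built extension reports AWS-LC; the patch's own `OpenSSL::OPENSSL_VERSION.include?("AWS-LC")` check is a suitable probe. `setup-ruby.sh` is copied in by the last hunk but its contents are not visible here, so whether it pins and verifies what it fetches could not be checked.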
@@ -95,20 +95,20 @@ index f639926..4c74476 100644 #endif val = rb_attr_get(self, id_i_cert_store); -@@ -1241,7 +1241,7 @@ ossl_sslctx_set_security_level(VALUE self, VALUE value) +@@ -1241,7 +1243,7 @@ ossl_sslctx_set_security_level(VALUE self, VALUE value) rb_check_frozen(self); GetSSLCTX(self, ctx); - + -#if defined(HAVE_SSL_CTX_GET_SECURITY_LEVEL) +#if defined(HAVE_SSL_CTX_GET_SECURITY_LEVEL) && !defined(OPENSSL_IS_AWSLC) SSL_CTX_set_security_level(ctx, NUM2INT(value)); #else (void)ctx; -diff --git ruby/test/openssl/test_asn1.rb ruby/test/openssl/test_asn1.rb -index 7b1722e..e09d680 100644 ---- ruby/test/openssl/test_asn1.rb -+++ ruby/test/openssl/test_asn1.rb -@@ -451,7 +451,7 @@ class OpenSSL::TestASN1 < OpenSSL::TestCase +diff --git a/test/openssl/test_asn1.rb b/test/openssl/test_asn1.rb +index 354b587..869ecc0 100644 +--- a/test/openssl/test_asn1.rb ++++ b/test/openssl/test_asn1.rb +@@ -458,7 +458,7 @@ def test_basic_asn1data encode_decode_test B(%w{ 81 00 }), OpenSSL::ASN1::ASN1Data.new(B(%w{}), 1, :CONTEXT_SPECIFIC) encode_decode_test B(%w{ C1 00 }), OpenSSL::ASN1::ASN1Data.new(B(%w{}), 1, :PRIVATE) encode_decode_test B(%w{ 1F 20 00 }), OpenSSL::ASN1::ASN1Data.new(B(%w{}), 32, :UNIVERSAL) 
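Review bot: With `&& !defined(OPENSSL_IS_AWSLC)` on the guard in `ossl_sslctx_set_security_level`, AWS-LC builds take the `#else` branch, of which only `(void)ctx;` is visible in this hunk. Callers set `security_level` to enforce minimum key and cipher strength, so that branch needs to raise for any non-zero value rather than accept it silently. If it already does, a comment on the guard would make the intent explicit, e.g. `/* AWS-LC has no security levels: non-zero values are rejected below */`. The matching getter is outside this hunk and should carry the same guard so the two stay consistent. The function body continues past the end of the hunk.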
@@ -117,11 +117,11 @@ index 7b1722e..e09d680 100644 encode_decode_test B(%w{ 41 02 AB CD }), OpenSSL::ASN1::ASN1Data.new(B(%w{ AB CD }), 1, :APPLICATION) encode_decode_test B(%w{ 41 81 80 } + %w{ AB CD } * 64), OpenSSL::ASN1::ASN1Data.new(B(%w{ AB CD } * 64), 1, :APPLICATION) encode_decode_test B(%w{ 41 82 01 00 } + %w{ AB CD } * 128), OpenSSL::ASN1::ASN1Data.new(B(%w{ AB CD } * 128), 1, :APPLICATION) -diff --git ruby/test/openssl/test_bn.rb ruby/test/openssl/test_bn.rb -index 77af140..d2007f4 100644 ---- ruby/test/openssl/test_bn.rb -+++ ruby/test/openssl/test_bn.rb -@@ -319,6 +319,8 @@ class OpenSSL::TestBN < OpenSSL::TestCase +diff --git a/test/openssl/test_bn.rb b/test/openssl/test_bn.rb +index 3edb696..ff21953 100644 +--- a/test/openssl/test_bn.rb ++++ b/test/openssl/test_bn.rb +@@ -321,6 +321,8 @@ def test_argument_error end def test_get_flags_and_set_flags 
@@ -130,22 +130,22 @@ index 77af140..d2007f4 100644 e = OpenSSL::BN.new(999) assert_equal(0, e.get_flags(OpenSSL::BN::CONSTTIME)) -@@ -362,7 +364,9 @@ class OpenSSL::TestBN < OpenSSL::TestCase - assert_equal(true, Ractor.new(@e2) { _1.negative? }.take) - assert_include(128..255, Ractor.new { OpenSSL::BN.rand(8)}.take) - assert_include(0...2**32, Ractor.new { OpenSSL::BN.generate_prime(32) }.take) -- assert_equal(0, Ractor.new { OpenSSL::BN.new(999).get_flags(OpenSSL::BN::CONSTTIME) }.take) +@@ -372,7 +374,9 @@ def test_ractor + assert_equal(true, Ractor.new(@e2) { _1.negative? }.value) + assert_include(128..255, Ractor.new { OpenSSL::BN.rand(8)}.value) + assert_include(0...2**32, Ractor.new { OpenSSL::BN.generate_prime(32) }.value) +- assert_equal(0, Ractor.new { OpenSSL::BN.new(999).get_flags(OpenSSL::BN::CONSTTIME) }.value) + if !aws_lc? # AWS-LC does not support BN::CONSTTIME. -+ assert_equal(0, Ractor.new { OpenSSL::BN.new(999).get_flags(OpenSSL::BN::CONSTTIME) }.take) ++ assert_equal(0, Ractor.new { OpenSSL::BN.new(999).get_flags(OpenSSL::BN::CONSTTIME) }.value) + end + # test if shareable when frozen + assert Ractor.shareable?(@e1.freeze) end - end - end -diff --git ruby/test/openssl/test_config.rb ruby/test/openssl/test_config.rb -index 24a215a..7139e30 100644 ---- ruby/test/openssl/test_config.rb -+++ ruby/test/openssl/test_config.rb -@@ -42,6 +42,9 @@ __EOD__ +diff --git a/test/openssl/test_config.rb b/test/openssl/test_config.rb +index 6dbb9c6..381d82c 100644 +--- a/test/openssl/test_config.rb ++++ b/test/openssl/test_config.rb +@@ -42,6 +42,9 @@ def test_s_parse end def test_s_parse_format @@ -155,7 +155,7 @@ index 24a215a..7139e30 100644 c = OpenSSL::Config.parse(<<__EOC__) baz =qx\t # "baz = qx" -@@ -215,13 +218,15 @@ __EOC__ +@@ -211,13 +214,15 @@ def test_get_value assert_raise(TypeError) do @it.get_value(nil, 'HOME') # not allowed unlike Config#value end 
@@ -175,11 +175,11 @@ index 24a215a..7139e30 100644 key = ENV.keys.first assert_not_nil(key) # make sure we have at least one ENV var. -diff --git ruby/test/openssl/test_fips.rb ruby/test/openssl/test_fips.rb -index 8cd474f..d811590 100644 ---- ruby/test/openssl/test_fips.rb -+++ ruby/test/openssl/test_fips.rb -@@ -28,6 +24,8 @@ def test_fips_mode_get_is_false_on_fips_mode_disabled +diff --git a/test/openssl/test_fips.rb b/test/openssl/test_fips.rb +index 4a3dd43..8a33cec 100644 +--- a/test/openssl/test_fips.rb ++++ b/test/openssl/test_fips.rb +@@ -28,6 +28,8 @@ def test_fips_mode_get_is_false_on_fips_mode_disabled end def test_fips_mode_is_reentrant @@ -188,7 +188,7 @@ index 8cd474f..d811590 100644 assert_separately(["-ropenssl"], <<~"end;") OpenSSL.fips_mode = false OpenSSL.fips_mode = false -@@ -35,7 +33,7 @@ def test_fips_mode_is_reentrant +@@ -35,7 +37,7 @@ def test_fips_mode_is_reentrant end def test_fips_mode_get_with_fips_mode_set @@ -197,11 +197,11 @@ index 8cd474f..d811590 100644 assert_separately(["-ropenssl"], <<~"end;") begin -diff --git ruby/test/openssl/test_pkcs12.rb ruby/test/openssl/test_pkcs12.rb -index ec67674..be21f47 100644 ---- ruby/test/openssl/test_pkcs12.rb -+++ ruby/test/openssl/test_pkcs12.rb -@@ -159,7 +159,6 @@ module OpenSSL +diff --git a/test/openssl/test_pkcs12.rb b/test/openssl/test_pkcs12.rb +index e6b91b5..8a87776 100644 +--- a/test/openssl/test_pkcs12.rb ++++ b/test/openssl/test_pkcs12.rb +@@ -159,7 +159,6 @@ def test_create_with_mac_itr DEFAULT_PBE_PKEYS, DEFAULT_PBE_CERTS, nil, 
@@ -209,11 +209,11 @@ index ec67674..be21f47 100644 2048 ) -diff --git ruby/test/openssl/test_pkcs7.rb ruby/test/openssl/test_pkcs7.rb -index ba8b93d..358d61b 100644 ---- ruby/test/openssl/test_pkcs7.rb -+++ ruby/test/openssl/test_pkcs7.rb -@@ -191,6 +191,8 @@ class OpenSSL::TestPKCS7 < OpenSSL::TestCase +diff --git a/test/openssl/test_pkcs7.rb b/test/openssl/test_pkcs7.rb +index 96f3f1f..d64c009 100644 +--- a/test/openssl/test_pkcs7.rb ++++ b/test/openssl/test_pkcs7.rb +@@ -206,6 +206,8 @@ def test_set_type_encrypted end def test_smime @@ -222,7 +222,7 @@ index ba8b93d..358d61b 100644 store = OpenSSL::X509::Store.new store.add_cert(@ca_cert) ca_certs = [@ca_cert] -@@ -213,6 +215,8 @@ END +@@ -228,6 +230,8 @@ def test_smime end def test_degenerate_pkcs7 @@ -231,7 +231,7 @@ index ba8b93d..358d61b 100644 ca_cert_pem = < ctx { -@@ -1652,9 +1659,10 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase +@@ -1688,9 +1696,10 @@ def test_ciphersuites_method_bogus_csuite ssl_ctx = OpenSSL::SSL::SSLContext.new pend 'ciphersuites= method is missing' unless ssl_ctx.respond_to?(:ciphersuites=) @@ -537,7 +537,7 @@ index db76f1d..4daa467 100644 ) { ssl_ctx.ciphersuites = 'BOGUS' } end -@@ -1696,13 +1704,16 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase +@@ -1732,13 +1741,16 @@ def test_ciphers_method_bogus_csuite ssl_ctx = OpenSSL::SSL::SSLContext.new @@ -555,7 +555,7 @@ index db76f1d..4daa467 100644 ctx_proc = -> ctx { ctx.max_version = :TLS1_2 ctx.ciphers = "DH:!NULL" # use DH -@@ -1718,6 +1729,8 @@ class OpenSSL::TestSSL < OpenSSL::SSLTestCase +@@ -1754,6 +1766,8 @@ def test_connect_works_when_setting_dh_callback_to_nil end def test_tmp_dh 
@@ -564,11 +564,11 @@ index db76f1d..4daa467 100644 dh = Fixtures.pkey("dh-1") ctx_proc = -> ctx { ctx.max_version = :TLS1_2 -diff --git ruby/test/openssl/test_ssl_session.rb ruby/test/openssl/test_ssl_session.rb -index b243201..0059fb0 100644 ---- ruby/test/openssl/test_ssl_session.rb -+++ ruby/test/openssl/test_ssl_session.rb -@@ -28,9 +28,10 @@ class OpenSSL::TestSSLSession < OpenSSL::SSLTestCase +diff --git a/test/openssl/test_ssl_session.rb b/test/openssl/test_ssl_session.rb +index 89cf672..4e6c9cb 100644 +--- a/test/openssl/test_ssl_session.rb ++++ b/test/openssl/test_ssl_session.rb +@@ -28,9 +28,10 @@ def test_session end end @@ -580,7 +580,7 @@ index b243201..0059fb0 100644 MQQwyGLbkCxE4OiMLdKKem+pyh8V7ifoP7tCxhdmwoDlJxI1v6nVCjai+FGYuncy NNSWoQYCBE4DDWuiAwIBCqOCAo4wggKKMIIBcqADAgECAgECMA0GCSqGSIb3DQEB BQUAMD0xEzARBgoJkiaJk/IsZAEZFgNvcmcxGTAXBgoJkiaJk/IsZAEZFglydWJ5 -@@ -54,9 +55,10 @@ j+RBGfCFrrQbBdnkFI/ztgM= +@@ -54,9 +55,10 @@ def test_session -----END SSL SESSION PARAMETERS----- __EOS__ @@ -592,7 +592,7 @@ index b243201..0059fb0 100644 lAQw9TrKzrIqlHEh6ltuQaqv/Aq83AmaAlogYktZgXAjOGnhX7ifJDNLMuCfQq53 hPAaoQYCBE4iDeeiBAICASyjggKOMIICijCCAXKgAwIBAgIBAjANBgkqhkiG9w0B AQUFADA9MRMwEQYKCZImiZPyLGQBGRYDb3JnMRkwFwYKCZImiZPyLGQBGRYJcnVi -@@ -120,7 +122,8 @@ __EOS__ +@@ -120,7 +122,8 @@ def test_resumption ctx.options &= ~OpenSSL::SSL::OP_NO_TICKET # Disable server-side session cache which is enabled by default ctx.session_cache_mode = OpenSSL::SSL::SSLContext::SESSION_CACHE_OFF @@ -602,7 +602,7 @@ index b243201..0059fb0 100644 } start_server(ctx_proc: ctx_proc) do |port| sess1 = server_connect_with_session(port, nil, nil) { |ssl| -@@ -238,14 +241,18 @@ __EOS__ +@@ -238,14 +241,18 @@ def test_ctx_client_session_cb end server_connect_with_session(port, ctx, nil) { |ssl| 
@@ -626,11 +626,11 @@ index b243201..0059fb0 100644 } end end -diff --git ruby/test/openssl/test_x509store.rb ruby/test/openssl/test_x509store.rb +diff --git a/test/openssl/test_x509store.rb b/test/openssl/test_x509store.rb index d6c0e70..dad4036 100644 ---- ruby/test/openssl/test_x509store.rb -+++ ruby/test/openssl/test_x509store.rb -@@ -331,7 +331,7 @@ class OpenSSL::TestX509Store < OpenSSL::TestCase +--- a/test/openssl/test_x509store.rb ++++ b/test/openssl/test_x509store.rb +@@ -331,7 +331,7 @@ def test_verify_with_crl def test_add_cert_duplicate # Up until OpenSSL 1.1.0, X509_STORE_add_{cert,crl}() returned an error # if the given certificate is already in the X509_STORE 
@@ -639,20 +639,20 @@ index d6c0e70..dad4036 100644 ca1 = OpenSSL::X509::Name.parse_rfc2253("CN=Root CA") ca1_key = Fixtures.pkey("rsa-1") ca1_cert = issue_cert(ca1, ca1_key, 1, [], nil, nil) -diff --git ruby/test/openssl/utils.rb ruby/test/openssl/utils.rb -index 4ebcb98..18bb0c3 100644 ---- ruby/test/openssl/utils.rb -+++ ruby/test/openssl/utils.rb -@@ -132,7 +128,7 @@ module OpenSSL::TestUtils +diff --git a/test/openssl/utils.rb b/test/openssl/utils.rb +index f6c84ee..c2b9195 100644 +--- a/test/openssl/utils.rb ++++ b/test/openssl/utils.rb +@@ -107,7 +107,7 @@ def get_subject_key_id(cert, hex: true) end - def openssl?(major = nil, minor = nil, fix = nil, patch = 0) + def openssl?(major = nil, minor = nil, fix = nil, patch = 0, status = 0) - return false if OpenSSL::OPENSSL_VERSION.include?("LibreSSL") + return false if OpenSSL::OPENSSL_VERSION.include?("LibreSSL") || OpenSSL::OPENSSL_VERSION.include?("AWS-LC") return true unless major OpenSSL::OPENSSL_VERSION_NUMBER >= - major * 0x10000000 + minor * 0x100000 + fix * 0x1000 + patch * 0x10 -@@ -143,6 +139,10 @@ module OpenSSL::TestUtils + major * 0x10000000 + minor * 0x100000 + fix * 0x1000 + patch * 0x10 + +@@ -119,6 +119,10 @@ def libressl?(major = nil, minor = nil, fix = nil) return false unless version !major || (version.map(&:to_i) <=> [major, minor, fix]) >= 0 end @@ -663,7 +663,7 @@ index 4ebcb98..18bb0c3 100644 end class OpenSSL::TestCase < Test::Unit::TestCase -@@ -298,6 +298,14 @@ class OpenSSL::PKeyTestCase < OpenSSL::TestCase +@@ -299,6 +303,14 @@ def check_component(base, test, keys) assert_equal base.send(comp), test.send(comp) } end diff --git a/tests/ci/integration/ruby_patch/ruby_3_4/aws-lc-ruby.patch b/tests/ci/integration/ruby_patch/ruby_3_4/aws-lc-ruby.patch index 76879eb8744..04909e947d5 100644 --- a/tests/ci/integration/ruby_patch/ruby_3_4/aws-lc-ruby.patch +++ b/tests/ci/integration/ruby_patch/ruby_3_4/aws-lc-ruby.patch 
@@ -143,13 +143,13 @@ index 1217f25..5b68544 100644 e = OpenSSL::BN.new(999) assert_equal(0, e.get_flags(OpenSSL::BN::CONSTTIME)) -@@ -364,7 +366,9 @@ class OpenSSL::TestBN < OpenSSL::TestCase - assert_equal(true, Ractor.new(@e2) { _1.negative? }.take) - assert_include(128..255, Ractor.new { OpenSSL::BN.rand(8)}.take) - assert_include(0...2**32, Ractor.new { OpenSSL::BN.generate_prime(32) }.take) -- assert_equal(0, Ractor.new { OpenSSL::BN.new(999).get_flags(OpenSSL::BN::CONSTTIME) }.take) +@@ -372,7 +374,9 @@ def test_ractor + assert_equal(true, Ractor.new(@e2) { _1.negative? }.value) + assert_include(128..255, Ractor.new { OpenSSL::BN.rand(8)}.value) + assert_include(0...2**32, Ractor.new { OpenSSL::BN.generate_prime(32) }.value) +- assert_equal(0, Ractor.new { OpenSSL::BN.new(999).get_flags(OpenSSL::BN::CONSTTIME) }.value) + if !aws_lc? # AWS-LC does not support BN::CONSTTIME. -+ assert_equal(0, Ractor.new { OpenSSL::BN.new(999).get_flags(OpenSSL::BN::CONSTTIME) }.take) ++ assert_equal(0, Ractor.new { OpenSSL::BN.new(999).get_flags(OpenSSL::BN::CONSTTIME) }.value) + end # test if shareable when frozen assert Ractor.shareable?(@e1.freeze)
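Review bot: The refreshed `test_ractor` hunk in the ruby_3_4 patch now expects `Ractor#value`, and its header and context are identical to the same hunk in the ruby_master patch. As far as I know `Ractor#value` is not part of the Ruby 3.4 core API, so this presumably relies on the 3.4 branch's `test_bn.rb` carrying a compatibility alias; worth confirming against the exact ref CI checks out. Because both patches are re-cut to follow upstream context, recording the upstream commit each was generated against (a header comment in the patch, or a pinned ref in the CI script) would make future drift a deliberate update rather than a surprise. As a style point, `if !aws_lc?` reads better as `unless aws_lc?`.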