diff --git a/SOURCES/openvswitch-2.17.0.patch b/SOURCES/openvswitch-2.17.0.patch
index ac1ba8d..5da4f59 100644
--- a/SOURCES/openvswitch-2.17.0.patch
+++ b/SOURCES/openvswitch-2.17.0.patch
@@ -283,6 +283,108 @@ index 0c360fd1ef..c981f90bc7 100644
       [], [enable_sparse=no])
     AM_CONDITIONAL([ENABLE_SPARSE_BY_DEFAULT], [test $enable_sparse = yes])])
  
+diff --git a/build-aux/generate-dhparams-c b/build-aux/generate-dhparams-c
+index 1884c99e1f..aca1dbca91 100755
+--- a/build-aux/generate-dhparams-c
++++ b/build-aux/generate-dhparams-c
+@@ -1,5 +1,74 @@
+ #! /bin/sh -e
+ 
++dhparam_to_c() {
++    local bits
++    local get_p=0
++    local line
++    local nl="
++"
++    local p
++    local i=0
++    while read -r line; do
++        case "$line" in
++            *"DH Parameters: "*)
++                bits=${line#*DH Parameters: (}
++                bits=${bits% bit)}
++                continue
++                ;;
++            "P:"|"prime:")
++                get_p=1
++                continue
++                ;;
++            "G: "*|"generator: "*)
++                g=${line#*(}
++                g=${g%)}
++                g=$(printf "0x%.2X" "$g")
++                continue
++                ;;
++        esac
++        if [ "$get_p" = 1 ]; then
++            IFS=":"
++            for x in $line; do
++                [ -z "$p" ] && [ "$x" = "00" ] && continue
++                [ $i -ge 10 ] && i=0
++                [ $i -eq 0 ] && p="$p$nl       "
++                x=0x$x
++                p=$(printf "%s 0x%.2X," "$p" "$x")
++                i=$((i + 1))
++            done
++            unset IFS
++        fi
++    done <<EOF
++$(openssl dhparam -in "$1" -text -noout)
++EOF
++    p=${p%,}
++    cat <<EOF
++DH *get_dh${bits}(void)
++{
++    static unsigned char dhp_${bits}[] = {$p
++    };
++    static unsigned char dhg_${bits}[] = {
++        $g
++    };
++    DH *dh = DH_new();
++    BIGNUM *p, *g;
++
++    if (dh == NULL)
++        return NULL;
++    p = BN_bin2bn(dhp_${bits}, sizeof(dhp_${bits}), NULL);
++    g = BN_bin2bn(dhg_${bits}, sizeof(dhg_${bits}), NULL);
++    if (p == NULL || g == NULL
++            || !my_DH_set0_pqg(dh, p, NULL, g)) {
++        DH_free(dh);
++        BN_free(p);
++        BN_free(g);
++        return NULL;
++    }
++    return dh;
++}
++EOF
++}
++
+ cat <<'EOF'
+ /* Generated automatically; do not modify!     -*- buffer-read-only: t -*-
+  *
+@@ -9,6 +78,7 @@ cat <<'EOF'
+ #include "lib/dhparams.h"
+ #include "openvswitch/util.h"
+ 
++#if OPENSSL_VERSION_NUMBER < 0x3000000fL
+ static int
+ my_DH_set0_pqg(DH *dh, BIGNUM *p, const BIGNUM **q OVS_UNUSED, BIGNUM *g)
+ {
+@@ -22,11 +92,6 @@ my_DH_set0_pqg(DH *dh, BIGNUM *p, const BIGNUM **q OVS_UNUSED, BIGNUM *g)
+ #endif
+ }
+ EOF
+-(openssl dhparam -C -in lib/dh2048.pem -noout &&
+-openssl dhparam -C -in lib/dh4096.pem -noout) | sed '
+-    s/^static DH/DH/
+-    s/\(get_dh[0-9]*\)()/\1(void)/
+-    s/\(DH_set0_pqg\)/my_\1/
+-    s/[ 	]*$//
+-    s/	/        /g
+-'
++dhparam_to_c lib/dh2048.pem
++dhparam_to_c lib/dh4096.pem
++echo "#endif"
 diff --git a/configure.ac b/configure.ac
 index 4e9bcce272..5cc3f4801e 100644
 --- a/configure.ac
@@ -50814,6 +50916,23 @@ index 34d45b82a1..31db2d2c7c 100644
  
                  /* Throttle restarts to no more than once every 10 seconds. */
                  if (time(NULL) < last_restart + 10) {
+diff --git a/lib/dhparams.c b/lib/dhparams.c
+index 85123863fc..50209d5d81 100644
+--- a/lib/dhparams.c
++++ b/lib/dhparams.c
+@@ -6,6 +6,7 @@
+ #include "lib/dhparams.h"
+ #include "openvswitch/util.h"
+ 
++#if OPENSSL_VERSION_NUMBER < 0x3000000fL
+ static int
+ my_DH_set0_pqg(DH *dh, BIGNUM *p, const BIGNUM **q OVS_UNUSED, BIGNUM *g)
+ {
+@@ -142,3 +143,4 @@ DH *get_dh4096(void)
+     }
+     return dh;
+ }
++#endif
 diff --git a/lib/dns-resolve.c b/lib/dns-resolve.c
 index d344514343..1afcc65adb 100644
 --- a/lib/dns-resolve.c
@@ -55187,6 +55306,60 @@ index 1c71df1a12..ec567603b1 100644
          struct stopwatch *sw = node->data;
          shash_delete(&stopwatches, node);
          free(sw);
+diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
+index f4fe3432e7..62da9febb6 100644
+--- a/lib/stream-ssl.c
++++ b/lib/stream-ssl.c
+@@ -193,7 +193,9 @@ static void ssl_clear_txbuf(struct ssl_stream *);
+ static void interpret_queued_ssl_error(const char *function);
+ static int interpret_ssl_error(const char *function, int ret, int error,
+                                int *want);
++#if OPENSSL_VERSION_NUMBER < 0x3000000fL
+ static DH *tmp_dh_callback(SSL *ssl, int is_export OVS_UNUSED, int keylength);
++#endif
+ static void log_ca_cert(const char *file_name, X509 *cert);
+ static void stream_ssl_set_ca_cert_file__(const char *file_name,
+                                           bool bootstrap, bool force);
+@@ -471,7 +473,11 @@ static char *
+ get_peer_common_name(const struct ssl_stream *sslv)
+ {
+     char *peer_name = NULL;
++#if OPENSSL_VERSION_NUMBER < 0x3000000fL
+     X509 *peer_cert = SSL_get_peer_certificate(sslv->ssl);
++#else
++    X509 *peer_cert = SSL_get1_peer_certificate(sslv->ssl);
++#endif
+     if (!peer_cert) {
+         return NULL;
+     }
+@@ -1070,7 +1076,11 @@ do_ssl_init(void)
+         return ENOPROTOOPT;
+     }
+     SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
++#if OPENSSL_VERSION_NUMBER < 0x3000000fL
+     SSL_CTX_set_tmp_dh_callback(ctx, tmp_dh_callback);
++#else
++    SSL_CTX_set_dh_auto(ctx, 1);
++#endif
+     SSL_CTX_set_mode(ctx, SSL_MODE_ENABLE_PARTIAL_WRITE);
+     SSL_CTX_set_mode(ctx, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
+     SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+@@ -1081,6 +1091,7 @@ do_ssl_init(void)
+     return 0;
+ }
+ 
++#if OPENSSL_VERSION_NUMBER < 0x3000000fL
+ static DH *
+ tmp_dh_callback(SSL *ssl OVS_UNUSED, int is_export OVS_UNUSED, int keylength)
+ {
+@@ -1112,6 +1123,7 @@ tmp_dh_callback(SSL *ssl OVS_UNUSED, int is_export OVS_UNUSED, int keylength)
+                 keylength);
+     return NULL;
+ }
++#endif
+ 
+ /* Returns true if SSL is at least partially configured. */
+ bool
 diff --git a/lib/stream.c b/lib/stream.c
 index fcaddf10ad..71039e24f1 100644
 --- a/lib/stream.c
diff --git a/SPECS/openvswitch2.17.spec b/SPECS/openvswitch2.17.spec
index 73fbb35..566ff69 100644
--- a/SPECS/openvswitch2.17.spec
+++ b/SPECS/openvswitch2.17.spec
@@ -57,7 +57,7 @@ Summary: Open vSwitch
 Group: System Environment/Daemons daemon/database/utilities
 URL: http://www.openvswitch.org/
 Version: 2.17.0
-Release: 56%{?dist}
+Release: 57%{?dist}
 
 # Nearly all of openvswitch is ASL 2.0.  The bugtool is LGPLv2+, and the
 # lib/sflow*.[ch] files are SISSL
@@ -743,6 +743,13 @@ exit 0
 %endif
 
 %changelog
+* Fri Oct 07 2022 Open vSwitch CI <ovs-ci@redhat.com> - 2.17.0-57
+- Merging upstream branch-2.17 [RH git: d374ce43dc]
+    Commit list:
+    fbc3b10e9f Add support for OpenSSL 3.0 functions.
+    5a77d53b8e dhparams: Fix .c file generation with OpenSSL >= 3.0.
+
+
 * Fri Oct 07 2022 Open vSwitch CI <ovs-ci@redhat.com> - 2.17.0-56
 - Merging upstream branch-2.17 [RH git: c5c912ba61]
     Commit list: