diff --git a/relenv/build/common.py b/relenv/build/common.py
index 209d4cac..85f4221b 100644
--- a/relenv/build/common.py
+++ b/relenv/build/common.py
@@ -535,6 +535,7 @@ def fetch_file(self):
             if self.fallback_url:
                 print(f"Download failed {self.url} ({exc}); trying fallback url")
                 return download_url(self.fallback_url, self.destination, CICD), True
+            raise
 
     def fetch_signature(self, version):
         """
diff --git a/relenv/build/darwin.py b/relenv/build/darwin.py
index 1b032462..a9eca639 100644
--- a/relenv/build/darwin.py
+++ b/relenv/build/darwin.py
@@ -78,8 +78,8 @@ def build_python(env, dirs, logfp):
     build_func=build_openssl,
     download={
         "url": "https://github.com/openssl/openssl/releases/download/openssl-{version}/openssl-{version}.tar.gz",
-        "version": "3.2.4",
-        "checksum": "2247802a1193c0f8eb41c870e8de45a2241422d5",
+        "version": "3.5.4",
+        "checksum": "b75daac8e10f189abe28a076ba5905d363e4801f",
     },
 )
 
diff --git a/relenv/build/linux.py b/relenv/build/linux.py
index 7285c5c3..c7e754e6 100644
--- a/relenv/build/linux.py
+++ b/relenv/build/linux.py
@@ -482,8 +482,8 @@ def build_python(env, dirs, logfp):
     build_func=build_openssl,
     download={
         "url": "https://github.com/openssl/openssl/releases/download/openssl-{version}/openssl-{version}.tar.gz",
-        "version": "3.2.4",
-        "checksum": "2247802a1193c0f8eb41c870e8de45a2241422d5",
+        "version": "3.5.4",
+        "checksum": "b75daac8e10f189abe28a076ba5905d363e4801f",
         "checkfunc": tarball_version,
         "checkurl": "https://www.openssl.org/source/",
     },
@@ -551,7 +551,7 @@ def build_python(env, dirs, logfp):
     name="gdbm",
     build_func=build_gdbm,
     download={
-        "url": "https://ftp.gnu.org/gnu/gdbm/gdbm-{version}.tar.gz",
+        "url": "https://mirrors.ocf.berkeley.edu/gnu/gdbm/gdbm-{version}.tar.gz",
         "version": "1.26",
         "checksum": "6cee3657de948e691e8df26509157be950cef4d4",
         "checkfunc": tarball_version,
@@ -562,7 +562,7 @@ def build_python(env, dirs, logfp):
     name="ncurses",
     build_func=build_ncurses,
     download={
-        "url": "https://ftp.gnu.org/pub/gnu/ncurses/ncurses-{version}.tar.gz",
+        "url": "https://mirrors.ocf.berkeley.edu/gnu/ncurses/ncurses-{version}.tar.gz",
         "version": "6.5",
         "checksum": "cde3024ac3f9ef21eaed6f001476ea8fffcaa381",
         "checkfunc": tarball_version,
@@ -620,7 +620,7 @@ def build_python(env, dirs, logfp):
     build_func=build_readline,
     wait_on=["ncurses"],
     download={
-        "url": "https://ftp.gnu.org/gnu/readline/readline-{version}.tar.gz",
+        "url": "https://mirrors.ocf.berkeley.edu/gnu/readline/readline-{version}.tar.gz",
         "version": "8.3",
         "checksum": "2c05ae9350b695f69d70b47f17f092611de2081f",
         "checkfunc": tarball_version,
diff --git a/tests/test_verify_build.py b/tests/test_verify_build.py
index 6808cd32..ad3681b8 100644
--- a/tests/test_verify_build.py
+++ b/tests/test_verify_build.py
@@ -665,20 +665,75 @@ def test_pip_install_m2crypto_system_ssl(pipexec, pyexec):
     assert p.returncode == 0, p.stderr
 
 
+SSLVERSION = """
+import ctypes
+import ctypes.util
+import platform
+
+def get_openssl_version():
+    '''
+    Programmatically discovers the OpenSSL version using ctypes.
+    '''
+    # Determine the library name based on the operating system
+    if platform.system() == "Windows":
+        lib_name = ctypes.util.find_library("libcrypto-3") or ctypes.util.find_library("libcrypto-1_1")
+    else:
+        lib_name = ctypes.util.find_library("crypto")
+
+    if not lib_name:
+        print("Could not find OpenSSL libcrypto library.")
+        return None, None
+
+    libcrypto = ctypes.CDLL(lib_name)
+
+    # Define the C function prototypes
+    libcrypto.OpenSSL_version_num.restype = ctypes.c_ulong
+    libcrypto.OpenSSL_version.argtypes = [ctypes.c_int]
+    libcrypto.OpenSSL_version.restype = ctypes.c_char_p
+
+    # Call the C functions
+    version_num_hex = libcrypto.OpenSSL_version_num()
+    version_str = libcrypto.OpenSSL_version(0).decode("utf-8")
+
+    # Parse the numeric version
+    # The version number format is MNNFFPPS
+    major = (version_num_hex >> 28) & 0xFF
+    minor = (version_num_hex >> 20) & 0xFF
+    patch = (version_num_hex >> 4) & 0xFF
+
+    return (major, minor, patch)
+
+if __name__ == "__main__":
+    print(
+        ",".join([str(x) for x in get_openssl_version()]
+        )
+    )
+"""
+
+
+@pytest.fixture
+def ssl_version(pyexec, tmp_path):
+    file = tmp_path / "script.py"
+    file.write_text(SSLVERSION)
+    ret = subprocess.run([pyexec, str(file)], capture_output=True)
+    print(ret)
+    return tuple([int(x) for x in ret.stdout.decode().strip().split(",")])
+
+
 @pytest.mark.skip_unless_on_linux
 @pytest.mark.parametrize(
     "m2crypto_version",
-    [
-        "0.38.0",
-        "0.44.0",
-    ],
+    ["0.38.0", "0.44.0", "0.46.0"],
 )
 def test_pip_install_m2crypto_relenv_ssl(
-    m2crypto_version, pipexec, pyexec, build, build_version, minor_version
+    m2crypto_version, pipexec, pyexec, build, build_version, minor_version, ssl_version
 ):
     if m2crypto_version == "0.38.0" and minor_version in ["3.12", "3.13"]:
         pytest.xfail("Fails due to no distutils")
 
+    if ssl_version >= (3, 5) and m2crypto_version in ["0.38.0", "0.44.0"]:
+        pytest.xfail("Openssl Needs newer m2crypto")
+
     _install_ppbt(pyexec)
 
     p = subprocess.run(