diff --git a/nodejs20.changes b/nodejs20.changes
index df03674..04ceaee 100644
--- a/nodejs20.changes
+++ b/nodejs20.changes
@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Fri May 12 07:52:30 UTC 2023 - Adam Majer <adam.majer@suse.de>
+
+- z13.patch: fixes illegal instruction error on z13 and older s390
+
+-------------------------------------------------------------------
+Thu May 10 13:09:58 UTC 2023 - Otto Hollmann <otto.hollmann@suse.com>
+
+- Adapt tests for OpenSSL 3.1 [bsc#1209430]
+  * Add openssl3_1-adapt_tests.patch
+
 -------------------------------------------------------------------
 Thu May  4 13:26:26 UTC 2023 - Adam Majer <adam.majer@suse.de> - 20.1.0
 
diff --git a/nodejs20.spec b/nodejs20.spec
index 9eddb01..041d727 100644
--- a/nodejs20.spec
+++ b/nodejs20.spec
@@ -172,6 +172,8 @@ Patch200:       versioned.patch
 Patch305:       qemu_timeouts_arches.patch
 Patch308:       node-gyp-config.patch
 Patch309:       gcc13.patch
+Patch310:       openssl3_1-adapt_tests.patch
+Patch311:       z13.patch
 
 BuildRequires:  pkg-config
 BuildRequires:  fdupes
@@ -704,6 +706,8 @@ popd
 
 %patch305 -p1
 %patch309 -p1
+%patch310 -p1
+%patch311 -p1
 
 %if %{node_version_number} == 12
 # minimist security update - patch50
diff --git a/openssl3_1-adapt_tests.patch b/openssl3_1-adapt_tests.patch
new file mode 100644
index 0000000..416c0e6
--- /dev/null
+++ b/openssl3_1-adapt_tests.patch
@@ -0,0 +1,104 @@
+commit 33ee7a0221b1fad07639c3c8948ad322238a52ab
+Author: Otto Hollmann <otto.hollmann@suse.com>
+Date:   Wed May 10 11:07:36 2023 +0200
+
+    test: Adapt tests for OpenSSL 3.1
+
+diff --git a/test/common/index.js b/test/common/index.js
+index f3caa9d1d4..a3e317d24b 100644
+--- a/test/common/index.js
++++ b/test/common/index.js
+@@ -57,7 +57,10 @@ const hasCrypto = Boolean(process.versions.openssl) &&
+                   !process.env.NODE_SKIP_CRYPTO;
+ 
+ const hasOpenSSL3 = hasCrypto &&
+-    require('crypto').constants.OPENSSL_VERSION_NUMBER >= 805306368;
++    require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30000000;
++
++const hasOpenSSL31 = hasCrypto &&
++    require('crypto').constants.OPENSSL_VERSION_NUMBER >= 0x30100000;
+ 
+ const hasQuic = hasCrypto && !!process.config.variables.openssl_quic;
+ 
+@@ -913,6 +916,7 @@ const common = {
+   hasIntl,
+   hasCrypto,
+   hasOpenSSL3,
++  hasOpenSSL31,
+   hasQuic,
+   hasMultiLocalhost,
+   invalidArgTypeHelper,
+diff --git a/test/parallel/test-https-agent-session-eviction.js b/test/parallel/test-https-agent-session-eviction.js
+index 20cdb870a0..da56007105 100644
+--- a/test/parallel/test-https-agent-session-eviction.js
++++ b/test/parallel/test-https-agent-session-eviction.js
+@@ -56,6 +56,7 @@ function faultyServer(port) {
+ function second(server, session) {
+   const req = https.request({
+     port: server.address().port,
++    ciphers: (common.hasOpenSSL31 ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT'),
+     rejectUnauthorized: false
+   }, function(res) {
+     res.resume();
+diff --git a/test/parallel/test-tls-alert.js b/test/parallel/test-tls-alert.js
+index 31b07104c2..9e92ccca49 100644
+--- a/test/parallel/test-tls-alert.js
++++ b/test/parallel/test-tls-alert.js
+@@ -41,7 +41,7 @@ const server = tls.Server({
+   key: loadPEM('agent2-key'),
+   cert: loadPEM('agent2-cert')
+ }, null).listen(0, common.mustCall(() => {
+-  const args = ['s_client', '-quiet', '-tls1_1',
++  const args = ['s_client', '-quiet', '-tls1_1', '-cipher', (common.hasOpenSSL31 ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT'),
+                 '-connect', `127.0.0.1:${server.address().port}`];
+ 
+   execFile(common.opensslCli, args, common.mustCall((err, _, stderr) => {
+diff --git a/test/parallel/test-tls-getprotocol.js b/test/parallel/test-tls-getprotocol.js
+index d45287d671..ee33200916 100644
+--- a/test/parallel/test-tls-getprotocol.js
++++ b/test/parallel/test-tls-getprotocol.js
+@@ -11,8 +11,8 @@ const tls = require('tls');
+ const fixtures = require('../common/fixtures');
+ 
+ const clientConfigs = [
+-  { secureProtocol: 'TLSv1_method', version: 'TLSv1' },
+-  { secureProtocol: 'TLSv1_1_method', version: 'TLSv1.1' },
++  { secureProtocol: 'TLSv1_method', version: 'TLSv1', ciphers: (common.hasOpenSSL31 ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT') },
++  { secureProtocol: 'TLSv1_1_method', version: 'TLSv1.1', ciphers: (common.hasOpenSSL31 ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT') },
+   { secureProtocol: 'TLSv1_2_method', version: 'TLSv1.2' },
+ ];
+ 
+@@ -30,6 +30,7 @@ const server = tls.createServer(serverConfig, common.mustCall(clientConfigs.leng
+     tls.connect({
+       host: common.localhostIPv4,
+       port: server.address().port,
++      ciphers: v.ciphers,
+       rejectUnauthorized: false,
+       secureProtocol: v.secureProtocol
+     }, common.mustCall(function() {
+diff --git a/test/parallel/test-tls-min-max-version.js b/test/parallel/test-tls-min-max-version.js
+index 5cea41ca7e..ab351558a4 100644
+--- a/test/parallel/test-tls-min-max-version.js
++++ b/test/parallel/test-tls-min-max-version.js
+@@ -22,6 +22,9 @@ function test(cmin, cmax, cprot, smin, smax, sprot, proto, cerr, serr) {
+     if (serr !== 'ERR_SSL_UNSUPPORTED_PROTOCOL')
+       ciphers = 'ALL@SECLEVEL=0';
+   }
++  if (common.hasOpenSSL31 && cerr === 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION') {
++    ciphers = 'DEFAULT@SECLEVEL=0';
++  }
+   // Report where test was called from. Strip leading garbage from
+   //     at Object.<anonymous> (file:line)
+   // from the stack location, we only want the file:line part.
+diff --git a/test/parallel/test-tls-session-cache.js b/test/parallel/test-tls-session-cache.js
+index c4bebff2e3..e4ecb53282 100644
+--- a/test/parallel/test-tls-session-cache.js
++++ b/test/parallel/test-tls-session-cache.js
+@@ -100,6 +100,7 @@ function doTest(testOptions, callback) {
+     const args = [
+       's_client',
+       '-tls1',
++      '-cipher', (common.hasOpenSSL31 ? 'DEFAULT:@SECLEVEL=0' : 'DEFAULT'),
+       '-connect', `localhost:${this.address().port}`,
+       '-servername', 'ohgod',
+       '-key', fixtures.path('keys/rsa_private.pem'),
diff --git a/z13.patch b/z13.patch
new file mode 100644
index 0000000..b4cbe49
--- /dev/null
+++ b/z13.patch
@@ -0,0 +1,90 @@
+From 540a17bcd30abc3f14d1e1b0ef81a23fde0ca18d Mon Sep 17 00:00:00 2001
+From: Milad Fa <mfarazma@redhat.com>
+Date: Wed, 10 May 2023 19:40:36 +0000
+Subject: [PATCH] Fix usage of MulHighS64 on <= z13
+
+Change-Id: If7ac06eef57cc3db059c2640b77c80de3b16fced
+https://chromium-review.googlesource.com/c/v8/v8/+/4521297
+
+---
+
+Index: node-v20.1.0/deps/v8/src/compiler/backend/s390/code-generator-s390.cc
+===================================================================
+--- node-v20.1.0.orig/deps/v8/src/compiler/backend/s390/code-generator-s390.cc
++++ node-v20.1.0/deps/v8/src/compiler/backend/s390/code-generator-s390.cc
+@@ -1699,15 +1699,18 @@ CodeGenerator::CodeGenResult CodeGenerat
+     case kS390_Mul64WithOverflow: {
+       Register dst = i.OutputRegister(), src1 = i.InputRegister(0),
+                src2 = i.InputRegister(1);
+-      DCHECK(!AreAliased(dst, src1, src2));
++      CHECK(!AreAliased(dst, src1, src2));
+       if (CpuFeatures::IsSupported(MISC_INSTR_EXT2)) {
+         __ msgrkc(dst, src1, src2);
+       } else {
+-        __ mgrk(r0, src1, src2);  // r0 = high 64-bits, r1 = low 64-bits.
+-        __ lgr(dst, r1);
+-        __ ShiftRightS64(r1, r1, Operand(63));
++        // Mul high.
++        __ MulHighS64(r1, src1, src2);
++        // Mul low.
++        __ mov(dst, src1);
++        __ MulS64(dst, src2);
+         // Test whether {high} is a sign-extension of {result}.
+-        __ CmpU64(r0, r1);
++        __ ShiftRightS64(r0, dst, Operand(63));
++        __ CmpU64(r1, r0);
+       }
+       break;
+     }
+@@ -1725,20 +1728,7 @@ CodeGenerator::CodeGenResult CodeGenerat
+       ASSEMBLE_BIN_OP(RRRInstr(MulHighU64), nullInstr, nullInstr);
+       break;
+     case kS390_MulHighS64:
+-      if (CpuFeatures::IsSupported(MISC_INSTR_EXT2)) {
+-        ASSEMBLE_BIN_OP(RRRInstr(MulHighS64), nullInstr, nullInstr);
+-      } else {
+-        __ Push(r2, r3, i.InputRegister(0), i.InputRegister(1));
+-        __ Pop(r2, r3);
+-        {
+-          FrameScope scope(masm(), StackFrame::INTERNAL);
+-          __ PrepareCallCFunction(2, 0, kScratchReg);
+-          __ CallCFunction(ExternalReference::int64_mul_high_function(), 2, 0);
+-        }
+-        __ mov(kScratchReg, r2);
+-        __ Pop(r2, r3);
+-        __ mov(i.OutputRegister(), kScratchReg);
+-      }
++      ASSEMBLE_BIN_OP(RRRInstr(MulHighS64), nullInstr, nullInstr);
+       break;
+     case kS390_MulFloat:
+       ASSEMBLE_BIN_OP(DDInstr(meebr), DMTInstr(MulFloat32), nullInstr);
+Index: node-v20.1.0/deps/v8/src/codegen/s390/macro-assembler-s390.cc
+===================================================================
+--- node-v20.1.0.orig/deps/v8/src/codegen/s390/macro-assembler-s390.cc
++++ node-v20.1.0/deps/v8/src/codegen/s390/macro-assembler-s390.cc
+@@ -2906,8 +2906,23 @@ void MacroAssembler::MulS64(Register dst
+ }
+ 
+ void MacroAssembler::MulHighS64(Register dst, Register src1, Register src2) {
+-  mgrk(r0, src1, src2);
+-  lgr(dst, r0);
++  if (CpuFeatures::IsSupported(MISC_INSTR_EXT2)) {
++    mgrk(r0, src1, src2);
++    lgr(dst, r0);
++  } else {
++    SaveFPRegsMode fp_mode = SaveFPRegsMode::kSave;
++    PushCallerSaved(fp_mode, ip);
++    Push(src1, src2);
++    Pop(r2, r3);
++    {
++      FrameScope scope(this, StackFrame::INTERNAL);
++      PrepareCallCFunction(2, 0, r0);
++      CallCFunction(ExternalReference::int64_mul_high_function(), 2, 0);
++    }
++    mov(r0, r2);
++    PopCallerSaved(fp_mode, ip);
++    mov(dst, r0);
++  }
+ }
+ 
+ void MacroAssembler::MulHighS64(Register dst, Register src1,