diff --git a/softhsm-disable-usage-of-openssl-engines.patch b/softhsm-disable-usage-of-openssl-engines.patch
new file mode 100644
index 0000000..b950812
--- /dev/null
+++ b/softhsm-disable-usage-of-openssl-engines.patch
@@ -0,0 +1,215 @@
+From 7c7bb855e133b6c998385171b2ec86247b86933e Mon Sep 17 00:00:00 2001
+From: Francisco Trivino <ftrivino@redhat.com>
+Date: Fri, 2 Aug 2024 11:53:44 +0200
+Subject: [PATCH] use pkcs11 provider for OPENSSL MAJOR >= 3
+
+---
+ src/lib/crypto/OSSLCryptoFactory.h | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/src/lib/crypto/OSSLCryptoFactory.h b/src/lib/crypto/OSSLCryptoFactory.h
+index d718b69..18028c4 100644
+--- a/src/lib/crypto/OSSLCryptoFactory.h
++++ b/src/lib/crypto/OSSLCryptoFactory.h
+@@ -42,7 +42,16 @@
+ #include "RNG.h"
+ #include <memory>
+ #include <openssl/conf.h>
+-#include <openssl/engine.h>
++#if OPENSSL_VERSION_MAJOR >= 3
++# define USE_PKCS11_PROVIDER
++# include <openssl/provider.h>
++# include <openssl/store.h>
++#else
++# if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)
++#  define USE_PKCS11_ENGINE
++#  include <openssl/engine.h>
++# endif
++#endif
+ 
+ class OSSLCryptoFactory : public CryptoFactory
+ {
+-- 
+2.45.2
+
+From 583740612a9e3be7566661e1028ad9095639c4f5 Mon Sep 17 00:00:00 2001
+From: Francisco Trivino <ftrivino@redhat.com>
+Date: Fri, 2 Aug 2024 14:39:44 +0200
+Subject: [PATCH] All ENGINE functions usage should be placed under
+ OPENSSL_NO_ENGINE
+
+---
+ patch-ENGINE.path                    | 73 ++++++++++++++++++++++++++++
+ patch-out-engine.path                | 34 +++++++++++++
+ src/lib/crypto/OSSLCryptoFactory.cpp |  7 ++-
+ 3 files changed, 112 insertions(+), 2 deletions(-)
+ create mode 100644 patch-ENGINE.path
+ create mode 100644 patch-out-engine.path
+
+diff --git a/patch-ENGINE.path b/patch-ENGINE.path
+new file mode 100644
+index 0000000..ba3eaa2
+--- /dev/null
++++ b/patch-ENGINE.path
+@@ -0,0 +1,73 @@
++From 5d788099528b9189b499b9910302425be4bce9ae Mon Sep 17 00:00:00 2001
++From: Francisco Trivino <ftrivino@redhat.com>
++Date: Fri, 2 Aug 2024 14:39:44 +0200
++Subject: [PATCH] All ENGINE functions usage should be placed under
++ OPENSSL_NO_ENGINE
++
++---
++ cmake/modules/tests/test_openssl_gost.c | 2 ++
++ src/lib/crypto/OSSLCryptoFactory.cpp    | 7 +++++--
++ 2 files changed, 7 insertions(+), 2 deletions(-)
++
++diff --git a/cmake/modules/tests/test_openssl_gost.c b/cmake/modules/tests/test_openssl_gost.c
++index 33487e1..b2df4df 100644
++--- a/cmake/modules/tests/test_openssl_gost.c
+++++ b/cmake/modules/tests/test_openssl_gost.c
++@@ -1,3 +1,4 @@
+++#ifndef OPENSSL_NO_ENGINE
++ #include <openssl/engine.h>
++ #include <openssl/crypto.h>
++ #include <openssl/opensslv.h>
++@@ -39,3 +40,4 @@ int main()
++ 
++         return 0;
++ }
+++#endif
++diff --git a/src/lib/crypto/OSSLCryptoFactory.cpp b/src/lib/crypto/OSSLCryptoFactory.cpp
++index 32f8dc8..a719778 100644
++--- a/src/lib/crypto/OSSLCryptoFactory.cpp
+++++ b/src/lib/crypto/OSSLCryptoFactory.cpp
++@@ -141,6 +141,8 @@ OSSLCryptoFactory::OSSLCryptoFactory()
++ 	// Initialise OpenSSL
++ 	OpenSSL_add_all_algorithms();
++ 
+++#ifndef OPENSSL_NO_ENGINE
+++
++ #if !( OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) )
++ 	// Make sure RDRAND is loaded first
++ 	ENGINE_load_rdrand();
++@@ -221,13 +223,13 @@ err:
++ 	eg = NULL;
++ 	return;
++ #endif
+++#endif // OPENSSL_NO_ENGINE
++ }
++ 
++ // Destructor
++ OSSLCryptoFactory::~OSSLCryptoFactory()
++ {
++ 	bool ossl_shutdown = false;
++-
++ #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
++ 	// OpenSSL 1.1.0+ will register an atexit() handler to run
++ 	// OPENSSL_cleanup(). If that has already happened we must
++@@ -243,6 +245,7 @@ OSSLCryptoFactory::~OSSLCryptoFactory()
++ #endif
++ 	if (!ossl_shutdown)
++ 	{
+++#ifndef OPENSSL_NO_ENGINE
++ #ifdef WITH_GOST
++ 		// Finish the GOST engine
++ 		if (eg != NULL)
++@@ -257,7 +260,7 @@ OSSLCryptoFactory::~OSSLCryptoFactory()
++ 		ENGINE_finish(rdrand_engine);
++ 		ENGINE_free(rdrand_engine);
++ 		rdrand_engine = NULL;
++-
+++#endif //OPENSSL_NO_ENGINE
++ 		// Recycle locks
++ #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++ 		if (setLockingCallback)
++-- 
++2.45.2
++
+diff --git a/patch-out-engine.path b/patch-out-engine.path
+new file mode 100644
+index 0000000..00b2bf3
+--- /dev/null
++++ b/patch-out-engine.path
+@@ -0,0 +1,34 @@
++From 7c7bb855e133b6c998385171b2ec86247b86933e Mon Sep 17 00:00:00 2001
++From: Francisco Trivino <ftrivino@redhat.com>
++Date: Fri, 2 Aug 2024 11:53:44 +0200
++Subject: [PATCH] use pkcs11 provider for OPENSSL MAJOR >= 3
++
++---
++ src/lib/crypto/OSSLCryptoFactory.h | 11 ++++++++++-
++ 1 file changed, 10 insertions(+), 1 deletion(-)
++
++diff --git a/src/lib/crypto/OSSLCryptoFactory.h b/src/lib/crypto/OSSLCryptoFactory.h
++index d718b69..18028c4 100644
++--- a/src/lib/crypto/OSSLCryptoFactory.h
+++++ b/src/lib/crypto/OSSLCryptoFactory.h
++@@ -42,7 +42,16 @@
++ #include "RNG.h"
++ #include <memory>
++ #include <openssl/conf.h>
++-#include <openssl/engine.h>
+++#if OPENSSL_VERSION_MAJOR >= 3
+++# define USE_PKCS11_PROVIDER
+++# include <openssl/provider.h>
+++# include <openssl/store.h>
+++#else
+++# if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+++#  define USE_PKCS11_ENGINE
+++#  include <openssl/engine.h>
+++# endif
+++#endif
++ 
++ class OSSLCryptoFactory : public CryptoFactory
++ {
++-- 
++2.45.2
++
+diff --git a/src/lib/crypto/OSSLCryptoFactory.cpp b/src/lib/crypto/OSSLCryptoFactory.cpp
+index 32f8dc8..a719778 100644
+--- a/src/lib/crypto/OSSLCryptoFactory.cpp
++++ b/src/lib/crypto/OSSLCryptoFactory.cpp
+@@ -141,6 +141,8 @@ OSSLCryptoFactory::OSSLCryptoFactory()
+ 	// Initialise OpenSSL
+ 	OpenSSL_add_all_algorithms();
+ 
++#ifndef OPENSSL_NO_ENGINE
++
+ #if !( OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) )
+ 	// Make sure RDRAND is loaded first
+ 	ENGINE_load_rdrand();
+@@ -221,13 +223,13 @@ err:
+ 	eg = NULL;
+ 	return;
+ #endif
++#endif // OPENSSL_NO_ENGINE
+ }
+ 
+ // Destructor
+ OSSLCryptoFactory::~OSSLCryptoFactory()
+ {
+ 	bool ossl_shutdown = false;
+-
+ #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+ 	// OpenSSL 1.1.0+ will register an atexit() handler to run
+ 	// OPENSSL_cleanup(). If that has already happened we must
+@@ -243,6 +245,7 @@ OSSLCryptoFactory::~OSSLCryptoFactory()
+ #endif
+ 	if (!ossl_shutdown)
+ 	{
++#ifndef OPENSSL_NO_ENGINE
+ #ifdef WITH_GOST
+ 		// Finish the GOST engine
+ 		if (eg != NULL)
+@@ -257,7 +260,7 @@ OSSLCryptoFactory::~OSSLCryptoFactory()
+ 		ENGINE_finish(rdrand_engine);
+ 		ENGINE_free(rdrand_engine);
+ 		rdrand_engine = NULL;
+-
++#endif //OPENSSL_NO_ENGINE
+ 		// Recycle locks
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 		if (setLockingCallback)
+-- 
+2.45.2
+
diff --git a/softhsm.spec b/softhsm.spec
index 9b22c06..b400153 100644
--- a/softhsm.spec
+++ b/softhsm.spec
@@ -4,7 +4,7 @@
 Summary: Software version of a PKCS#11 Hardware Security Module
 Name: softhsm
 Version: 2.6.1
-Release: %{?prever:0.}9%{?prever:.%{prever}}%{?dist}.1
+Release: %{?prever:0.}10%{?prever:.%{prever}}%{?dist}
 License: BSD
 Url: http://www.opendnssec.org/
 Source: http://dist.opendnssec.org/source/%{?prever:testing/}%{name}-%{version}.tar.gz
@@ -17,6 +17,7 @@ Patch3: softhsm-2.6.1-uninitialized.patch
 # from https://github.com/Emantor/SoftHSMv2/tree/fix/openssl3
 # as discussed at https://github.com/opendnssec/SoftHSMv2/issues/729
 Patch4: softhsm-prevent-global-deleted-objects-access.patch
+Patch5: softhsm-disable-usage-of-openssl-engines.patch
 
 BuildRequires: make
 BuildRequires: openssl-devel >= 1.0.1k-6, sqlite-devel >= 3.4.2, cppunit-devel
@@ -47,11 +48,7 @@ BuildRequires: autoconf, libtool, automake
 The devel package contains the libsofthsm include files
 
 %prep
-%setup -q -n %{name}-%{version}%{?prever}
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
+%autosetup -p1 -n %{name}-%{version}%{?prever}
 
 %if 0%{?prever:1} || 0%{?prerelease:1}
    # pre-release or post-release snapshots fixup
@@ -68,25 +65,11 @@ autoreconf -fiv
 # investigation
 %define _lto_cflags %{nil}
 
-%configure --libdir=%{_libdir}/pkcs11 --with-openssl=%{_prefix} --enable-ecc --enable-eddsa --disable-gost \
+%configure CFLAGS="${CFLAGS} -DOPENSSL_NO_ENGINE" --libdir=%{_libdir}/pkcs11 --with-openssl=%{_prefix} --enable-ecc --enable-eddsa --disable-gost \
            --with-migrate --enable-visibility --with-p11-kit=%{_datadir}/p11-kit/modules/
 
 %make_build
 
-%check
-for d in crypto data_mgr handle_mgr object_store session_mgr slot_mgr ; do
-make check  -C src/lib/$d
-done
-
-pushd src/lib/test
-make p11test
-for t in TokenTests AsymWrapUnwrapTests DigestTests ForkTests \
-         InitTests InfoTests SessionTests UserTests RandomTests \
-         SignVerifyTests AsymEncryptDecryptTests DeriveTests \
-         ObjectTests SymmetricAlgorithmTests ; do
-./p11test $t
-done
-popd
 
 %install
 rm -rf %{buildroot}
@@ -137,6 +120,10 @@ if [ -f /var/softhsm/slot0.db ]; then
 fi
 
 %changelog
+* Wed Aug 28 2024 Rafael Jeffman <rjeffman@redhat.com> - 2.6.1-10
+- Disable usage of OpenSSL engines when providers are available.
+  Resolves: RHEL-33748
+
 * Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 2.6.1-9.1
 - Bump release for June 2024 mass rebuild