diff --git a/ruby-2.6.0-use-larger-keys-for-SSL-tests2.patch b/ruby-2.6.0-use-larger-keys-for-SSL-tests2.patch
new file mode 100644
index 0000000..78ccf1f
--- /dev/null
+++ b/ruby-2.6.0-use-larger-keys-for-SSL-tests2.patch
@@ -0,0 +1,51 @@
+From 6872cefaf682c7e9d538ef9d87f94f7a77c21154 Mon Sep 17 00:00:00 2001
+From: nagachika <nagachika@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
+Date: Wed, 7 Aug 2019 12:38:15 +0000
+Subject: [PATCH] merge revision(s) 1e54903684aa3c9ea3fe54520157846a1b1f07be:
+ [Backport #16051]
+
+	test/openssl: Support OpenSSL 1.1.1
+
+	OpenSSL 1.1.1 rejects some shorter keys, which caused some failures of
+	`make test-all TESTS=openssl`.
+
+	https://rubyci.org/logs/rubyci.s3.amazonaws.com/debian/ruby-master/log/20190606T003005Z.fail.html.gz
+
+	This change merges 6bbc31ddd1 and 63fb3a36d1 in
+	https://github.com/ruby/openssl.
+	Reference: https://github.com/ruby/openssl/pull/217
+
+git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/branches/ruby_2_6@67735 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
+---
+ test/openssl/test_ssl.rb | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
+index 46570b8b95..51d63859c0 100644
+--- a/test/openssl/test_ssl.rb
++++ b/test/openssl/test_ssl.rb
+@@ -81,7 +81,7 @@ def test_add_certificate_multiple_certs
+     add0_chain_supported = openssl?(1, 0, 2)
+ 
+     if add0_chain_supported
+-      ca2_key = Fixtures.pkey("rsa1024")
++      ca2_key = Fixtures.pkey("rsa2048")
+       ca2_exts = [
+         ["basicConstraints", "CA:TRUE", true],
+         ["keyUsage", "cRLSign, keyCertSign", true],
+@@ -1357,7 +1357,12 @@ def test_fallback_scsv
+     # Server support better, so refuse the connection
+     sock1, sock2 = socketpair
+     begin
++      # This test is for the downgrade protection mechanism of TLS1.2.
++      # This is why ctx1 bounds max_version == TLS1.2.
++      # Otherwise, this test fails when using openssl 1.1.1 (or later) that supports TLS1.3.
++      # TODO: We may need another test for TLS1.3 because it seems to have a different mechanism.
+       ctx1 = OpenSSL::SSL::SSLContext.new
++      ctx1.max_version = OpenSSL::SSL::TLS1_2_VERSION
+       s1 = OpenSSL::SSL::SSLSocket.new(sock1, ctx1)
+ 
+       ctx2 = OpenSSL::SSL::SSLContext.new
+-- 
+2.26.2
+
diff --git a/ruby.spec b/ruby.spec
index 0025319..653c9e9 100644
--- a/ruby.spec
+++ b/ruby.spec
@@ -168,6 +168,9 @@ Patch23: ruby-2.6.0-use-larger-keys-for-SSL-tests.patch
 Patch41: ruby-2.8.0-Brace-the-fact-that-lchmod-can-EOPNOTSUPP.patch
 # https://github.com/ruby/ruby/commit/72c02aa4b79731c7f25c9267f74b347f1946c704
 Patch42: ruby-2.8.0-Moved-not-implemented-method-tests.patch
+# Use larger keys for test_ssl test failures.
+# https://github.com/ruby/ruby/commit/a3843824c455d0b0efcfc5af03cbcebaac090eda
+Patch43: ruby-2.6.0-use-larger-keys-for-SSL-tests2.patch
 
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 Suggests: rubypick
@@ -561,6 +564,7 @@ rm -rf ext/fiddle/libffi*
 %patch24 -p1
 %patch41 -p1
 %patch42 -p1
+%patch43 -p1
 
 # Provide an example of usage of the tapset:
 cp -a %{SOURCE3} .
@@ -1121,6 +1125,7 @@ MSPECOPTS="$MSPECOPTS -P 'File.lchmod raises a NotImplementedError when called'"
 - Fix FTBFS due to libyaml 0.2.5.
 - Disable LTO, which appear to cause issues with SIGSEV handler.
 - Avoid possible timeout errors in TestBugReporter#test_bug_reporter_add.
+- Use larger keys for test_ssl test failures.
 
 * Tue Apr 30 2019 Jun Aruga <jaruga@redhat.com> - 2.5.5-105
 - Update to Ruby 2.5.5.