diff --git a/packages/openssl/backport-b7f65192-arm32-sigsegv.patch b/packages/openssl/backport-b7f65192-arm32-sigsegv.patch
deleted file mode 100644
index 581e157a4f..0000000000
--- a/packages/openssl/backport-b7f65192-arm32-sigsegv.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From b7f6519229a6002f944626ab3db216175dd0f142 Mon Sep 17 00:00:00 2001
-From: Arne Schwabe <arne@rfc2549.org>
-Date: Sat, 26 Apr 2025 20:21:28 +0200
-Subject: [PATCH] Fix aesv8 arm assembler code not working on 32 bit Android
-
-OpenSSL uses 'void' as perlasm for the 32 bit armeabi-arm target, which
-most notably lacks a 32 or 64 in its name. So while most code that is
-targeted for 32 uses !~ /64/ there is one instance that uses ~= /32/,
-introduced by commit 8e69c18 between 3.4.0 and 3.5.0. This leaves out
-that line on 32 bit android causing a segfault.
-
-This fixes the compilation issue by replacing the ~= /32/ with !~ /64/
-compilation taget (see 15-android.conf)
-
-Signed-off-by: Arne Schwabe <arne@rfc2549.org>
-
-Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/27510)
-
-(cherry picked from commit 77624f0c5bc7db67acb3134b28bc330533425ab6)
----
- crypto/aes/asm/aesv8-armx.pl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl
-index 4f503a31ca672..af501f8ff573b 100755
---- a/crypto/aes/asm/aesv8-armx.pl
-+++ b/crypto/aes/asm/aesv8-armx.pl
-@@ -152,7 +152,7 @@
- 	adrp	$ptr,.Lrcon
- 	add	$ptr,$ptr,:lo12:.Lrcon
- ___
--$code.=<<___	if ($flavour =~ /32/);
-+$code.=<<___	if ($flavour !~ /64/);
- 	adr	$ptr,.Lrcon
- ___
- $code.=<<___;
diff --git a/packages/openssl/backport-e96d224.patch b/packages/openssl/backport-e96d224.patch
deleted file mode 100644
index 7ce3103726..0000000000
--- a/packages/openssl/backport-e96d224.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From e96d22446e633d117e6c9904cb15b4693e956eaa Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tomas@openssl.org>
-Date: Tue, 20 May 2025 16:34:10 +0200
-Subject: [PATCH] apps/x509.c: Fix the -addreject option adding trust instead
- of rejection
-
-Fixes CVE-2025-4575
-
-Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
-Reviewed-by: Paul Dale <ppzgs1@gmail.com>
-(Merged from https://github.com/openssl/openssl/pull/27672)
-
-(cherry picked from commit 0eb9acc24febb1f3f01f0320cfba9654cf66b0ac)
----
- apps/x509.c                 |  2 +-
- test/recipes/25-test_x509.t | 12 +++++++++++-
- 2 files changed, 12 insertions(+), 2 deletions(-)
-
-diff --git a/apps/x509.c b/apps/x509.c
-index fdae8f383a667..0c340c15b321a 100644
---- a/apps/x509.c
-+++ b/apps/x509.c
-@@ -465,7 +465,7 @@ int x509_main(int argc, char **argv)
-                            prog, opt_arg());
-                 goto opthelp;
-             }
--            if (!sk_ASN1_OBJECT_push(trust, objtmp))
-+            if (!sk_ASN1_OBJECT_push(reject, objtmp))
-                 goto end;
-             trustout = 1;
-             break;
-diff --git a/test/recipes/25-test_x509.t b/test/recipes/25-test_x509.t
-index 09b61708ff8a5..dfa0a428f5f0c 100644
---- a/test/recipes/25-test_x509.t
-+++ b/test/recipes/25-test_x509.t
-@@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file/;
- 
- setup("test_x509");
- 
--plan tests => 134;
-+plan tests => 138;
- 
- # Prevent MSys2 filename munging for arguments that look like file paths but
- # aren't
-@@ -110,6 +110,16 @@ ok(run(app(["openssl", "x509", "-new", "-force_pubkey", $key, "-subj", "/CN=EE",
- && run(app(["openssl", "verify", "-no_check_time",
-             "-trusted", $ca, "-partial_chain", $caout])));
- 
-+# test trust decoration
-+ok(run(app(["openssl", "x509", "-in", $ca, "-addtrust", "emailProtection",
-+            "-out", "ca-trusted.pem"])));
-+cert_contains("ca-trusted.pem", "Trusted Uses: E-mail Protection",
-+              1, 'trusted use - E-mail Protection');
-+ok(run(app(["openssl", "x509", "-in", $ca, "-addreject", "emailProtection",
-+            "-out", "ca-rejected.pem"])));
-+cert_contains("ca-rejected.pem", "Rejected Uses: E-mail Protection",
-+              1, 'rejected use - E-mail Protection');
-+
- subtest 'x509 -- x.509 v1 certificate' => sub {
-     tconversion( -type => 'x509', -prefix => 'x509v1',
-                  -in => srctop_file("test", "testx509.pem") );
diff --git a/packages/openssl/build.sh b/packages/openssl/build.sh
index 0c9cc4e8c9..2a7ad530e1 100644
--- a/packages/openssl/build.sh
+++ b/packages/openssl/build.sh
@@ -2,10 +2,9 @@ TERMUX_PKG_HOMEPAGE=https://www.openssl.org/
 TERMUX_PKG_DESCRIPTION="Library implementing the SSL and TLS protocols as well as general purpose cryptography functions"
 TERMUX_PKG_LICENSE="Apache-2.0"
 TERMUX_PKG_MAINTAINER="@termux"
-TERMUX_PKG_VERSION=1:3.5.0
-TERMUX_PKG_REVISION=1
+TERMUX_PKG_VERSION=1:3.5.1
 TERMUX_PKG_SRCURL=https://github.com/openssl/openssl/releases/download/openssl-${TERMUX_PKG_VERSION:2}/openssl-${TERMUX_PKG_VERSION:2}.tar.gz
-TERMUX_PKG_SHA256=344d0a79f1a9b08029b0744e2cc401a43f9c90acd1044d09a530b4885a8e9fc0
+TERMUX_PKG_SHA256=529043b15cffa5f36077a4d0af83f3de399807181d607441d734196d889b641f
 TERMUX_PKG_AUTO_UPDATE=false
 TERMUX_PKG_DEPENDS="ca-certificates, zlib"
 TERMUX_PKG_CONFFILES="etc/tls/openssl.cnf"