diff --git a/config/patches/openresty/openssl-3.2.4-compatibility.patch b/config/patches/openresty/openssl-3.2.4-compatibility.patch
new file mode 100644
index 000000000..9a3a30bd2
--- /dev/null
+++ b/config/patches/openresty/openssl-3.2.4-compatibility.patch
@@ -0,0 +1,19 @@
+diff --git a/auto/lib/openssl/conf b/auto/lib/openssl/conf
+index 8d0c9a35..8eda6f37 100644
+--- a/auto/lib/openssl/conf
++++ b/auto/lib/openssl/conf
+@@ -96,6 +96,14 @@ else
+     have=NGX_OPENSSL . auto/have
+ 
+     have=NGX_SSL . auto/have
++
++    # Set default SSL cipher suite that's compatible with OpenSSL 3.2.x
++    cat >> $NGX_AUTO_CONFIG_H << END
++
++#ifndef NGX_DEFAULT_CIPHERS
++#define NGX_DEFAULT_CIPHERS "HIGH:!aNULL:!MD5:!RC4:!DES:!EXPORT:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
++#endif
++END
+ fi
+ 
+ 
diff --git a/config/software/nokogiri.rb b/config/software/nokogiri.rb
index f9412f7db..989f79051 100644
--- a/config/software/nokogiri.rb
+++ b/config/software/nokogiri.rb
@@ -60,13 +60,17 @@
   gem_command = [ "install nokogiri" ]
   gem_command << "--version '#{version}'" unless version.nil?
 
+  # Force nokogiri to use ruby platform regardless of platform
+  # This ensures compatibility with systems that have older glibc versions
+  gem_command << "--platform=ruby"
+  
   # windows uses the 'fat' precompiled binaries'
   unless using_prebuilt_ruby
     # Tell nokogiri to use the system libraries instead of compiling its own
     env["NOKOGIRI_USE_SYSTEM_LIBRARIES"] = "true"
+    env["FORCE_NOKOGIRI_PLATFORM"] = "ruby"
 
     gem_command += [
-      "--platform ruby",
       "--conservative",
       "--minimal-deps",
       "--",
diff --git a/config/software/openresty.rb b/config/software/openresty.rb
index db714d8a5..a56658238 100644
--- a/config/software/openresty.rb
+++ b/config/software/openresty.rb
@@ -18,7 +18,7 @@
 license "BSD-2-Clause"
 license_file "README.markdown"
 skip_transitive_dependency_licensing true
-default_version "1.21.4.1"
+default_version "1.27.1.2"
 
 dependency "pcre"
 dependency "openssl"
@@ -26,6 +26,7 @@
 dependency "lua" if ppc64? || ppc64le? || s390x?
 
 # versions_list: https://openresty.org/download/ filter=*.tar.gz
+version("1.27.1.2")    { source sha256: "74f076f7e364b2a99a6c5f9bb531c27610c78985abe956b442b192a2295f7548" }
 version("1.25.3.1")    { source sha256: "32ec1a253a5a13250355a075fe65b7d63ec45c560bbe213350f0992a57cd79df" }
 version("1.21.4.2")    { source sha256: "5b1eded25c1d4ed76c0336dfae50bd94d187af9c85ead244135dd5ae363b2e2a" }
 version("1.21.4.1")    { source sha256: "0c5093b64f7821e85065c99e5d4e6cc31820cfd7f37b9a0dec84209d87a2af99" }
@@ -48,6 +49,11 @@
   env = with_standard_compiler_flags(with_embedded_path)
   env["PATH"] += "#{env["PATH"]}:/usr/sbin:/sbin"
 
+  # Apply patch for OpenSSL 3.2.4 compatibility
+  if version.satisfies?(">= 1.25")
+    patch source: "openssl-3.2.4-compatibility.patch", plevel: 1
+  end
+
   configure = [
     "./configure",
     "--prefix=#{install_dir}/embedded",