diff --git a/pkgs/development/libraries/openssl/3.0/legacy.cnf b/pkgs/development/libraries/openssl/3/legacy.cnf
similarity index 100%
rename from pkgs/development/libraries/openssl/3.0/legacy.cnf
rename to pkgs/development/libraries/openssl/3/legacy.cnf
diff --git a/pkgs/development/libraries/openssl/3.0/nix-ssl-cert-file.patch b/pkgs/development/libraries/openssl/3/nix-ssl-cert-file.patch
similarity index 100%
rename from pkgs/development/libraries/openssl/3.0/nix-ssl-cert-file.patch
rename to pkgs/development/libraries/openssl/3/nix-ssl-cert-file.patch
diff --git a/pkgs/development/libraries/openssl/3.0/openssl-disable-kernel-detection.patch b/pkgs/development/libraries/openssl/3/openssl-disable-kernel-detection.patch
similarity index 100%
rename from pkgs/development/libraries/openssl/3.0/openssl-disable-kernel-detection.patch
rename to pkgs/development/libraries/openssl/3/openssl-disable-kernel-detection.patch
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index 30124d10e7984..be39a202583d4 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -21,14 +21,14 @@
 # files.
 
 let
-  common = { version, sha256, patches ? [], withDocs ? false, extraMeta ? {} }:
+  common = { version, hash, patches ? [], withDocs ? false, extraMeta ? {} }:
    stdenv.mkDerivation (finalAttrs: {
     pname = "openssl";
     inherit version;
 
     src = fetchurl {
       url = "https://www.openssl.org/source/${finalAttrs.pname}-${version}.tar.gz";
-      inherit sha256;
+      inherit hash;
     };
 
     inherit patches;
@@ -229,7 +229,7 @@ in {
 
   openssl_1_1 = common {
     version = "1.1.1t";
-    sha256 = "sha256-je6bJL2x3L8MPR6bAvuPa/IhZegH9Fret8lndTaFnTs=";
+    hash = "sha256-je6bJL2x3L8MPR6bAvuPa/IhZegH9Fret8lndTaFnTs=";
     patches = [
       ./1.1/nix-ssl-cert-file.patch
 
@@ -241,14 +241,14 @@ in {
   };
 
   openssl_3 = common {
-    version = "3.0.8";
-    sha256 = "sha256-bBPSvzj98x6sPOKjRwc2c/XWMmM5jx9p0N9KQSU+Sz4=";
+    version = "3.1.0";
+    hash = "sha256-qqklrZgodFxMrZ2e/rJz3sqCDyzc8sOsfXwSErfEl7Q=";
     patches = [
-      ./3.0/nix-ssl-cert-file.patch
+      ./3/nix-ssl-cert-file.patch
 
       # openssl will only compile in KTLS if the current kernel supports it.
       # This patch disables build-time detection.
-      ./3.0/openssl-disable-kernel-detection.patch
+      ./3/openssl-disable-kernel-detection.patch
 
       (if stdenv.hostPlatform.isDarwin
        then ./use-etc-ssl-certs-darwin.patch
diff --git a/pkgs/development/libraries/quictls/default.nix b/pkgs/development/libraries/quictls/default.nix
index a9c07232035f9..3b20ed94d14b4 100644
--- a/pkgs/development/libraries/quictls/default.nix
+++ b/pkgs/development/libraries/quictls/default.nix
@@ -22,11 +22,11 @@ stdenv.mkDerivation rec {
   };
 
   patches = [
-    ../openssl/3.0/nix-ssl-cert-file.patch
+    ../openssl/3/nix-ssl-cert-file.patch
 
     # openssl will only compile in KTLS if the current kernel supports it.
     # This patch disables build-time detection.
-    ../openssl/3.0/openssl-disable-kernel-detection.patch
+    ../openssl/3/openssl-disable-kernel-detection.patch
 
     (if stdenv.hostPlatform.isDarwin
       then ../openssl/use-etc-ssl-certs-darwin.patch
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 35fac7591d006..a2e96cc70bf69 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -22856,7 +22856,7 @@ with pkgs;
   openssl = openssl_3;
 
   openssl_legacy = openssl.override {
-    conf = ../development/libraries/openssl/3.0/legacy.cnf;
+    conf = ../development/libraries/openssl/3/legacy.cnf;
   };
 
   inherit (callPackages ../development/libraries/openssl { })