diff --git a/openssl.yaml b/openssl.yaml index 0856dfc736c..090cd7254fb 100644 --- a/openssl.yaml +++ b/openssl.yaml @@ -1,7 +1,7 @@ package: name: openssl version: 3.1.1 - epoch: 0 + epoch: 1 description: "the OpenSSL cryptography suite" copyright: - license: Apache-2.0 @@ -74,6 +74,17 @@ pipeline: - uses: strip + # The fipsmodule.cnf generated by the OpenSSL build system is incorrect. + # Regenerate it ourselves. + - if: ${{options.fips.enabled}} == 'true' + runs: | + rm -f ${{targets.destdir}}/etc/ssl/fipsmodule.cnf + + LD_LIBRARY_PATH="${{targets.destdir}}/usr/lib" \ + ${{targets.destdir}}/usr/bin/openssl fipsinstall \ + -module ${{targets.destdir}}/usr/lib/ossl-modules/fips.so \ + -out ${{targets.destdir}}/etc/ssl/fipsmodule.cnf + data: - name: engines items: diff --git a/openssl/fips-preamble.cnf b/openssl/fips-preamble.cnf index 7d3fd24d842..ee3afc93a4f 100644 --- a/openssl/fips-preamble.cnf +++ b/openssl/fips-preamble.cnf @@ -9,9 +9,9 @@ alg_section = algorithm_sect [provider_sect] fips = fips_sect -base = base_sect +default = default_sect -[base_sect] +[default_sect] activate = 1 [algorithm_sect]
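Review bot: The `openssl fipsinstall` call in the new `runs:` step executes on the build host, and depending on this OpenSSL version's defaults it may write the self-test install-status fields into the packaged `fipsmodule.cnf`, so a machine that installs the package could treat self-tests it never ran as already passed. Passing the flag explicitly, `-self_test_onload \` on the line before `-module`, removes the dependence on the default and makes the known-answer tests run whenever the module is loaded on the target. The module MAC written to the file is computed over `fips.so` as it exists at this point, so the step has to stay after `uses: strip` and nothing later may modify the module; the comment above the step could record that, e.g. `# Must run after strip: the recorded module MAC covers the final fips.so.` The `pipeline:` list starts outside this hunk, so any later steps are not visible here.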
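Review bot: Replacing `base` with `default` in `[provider_sect]` activates the full default provider, including algorithms outside the FIPS boundary, where the base provider supplied only encoders, decoders and store loaders, and the change carries no comment saying why this is needed. With both providers active, FIPS-only behaviour rests on the property query configured in `[algorithm_sect]`, whose body lies outside this hunk, and code that fetches with its own explicit property query is presumably no longer confined to approved implementations. I would add a comment above the line, e.g. `# default provider is needed for <reason>; [algorithm_sect] must keep default_properties = fips=yes`, and confirm that the setting is actually present in the file.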