diff --git a/scenarios/tls.benchmarks.yml b/scenarios/tls.benchmarks.yml
index e8219b8e3..2d8bd9ac1 100644
--- a/scenarios/tls.benchmarks.yml
+++ b/scenarios/tls.benchmarks.yml
@@ -1,5 +1,4 @@
 imports:
-  - https://raw.githubusercontent.com/dotnet/crank/main/src/Microsoft.Crank.Jobs.Wrk/wrk.yml
   - https://raw.githubusercontent.com/dotnet/crank/main/src/Microsoft.Crank.Jobs.Bombardier/bombardier.yml
   - https://raw.githubusercontent.com/dotnet/crank/main/src/Microsoft.Crank.Jobs.HttpClient/httpclient.yml
   - https://github.com/aspnet/Benchmarks/blob/main/scenarios/aspnet.profiles.yml?raw=true
@@ -42,6 +41,23 @@ jobs:
       logRequestDetails: false
     arguments: "--urls https://{{serverAddress}}:{{serverPort}} --mTLS {{mTLS}} --certValidationConsoleEnabled {{certValidationConsoleEnabled}} --tlsProtocols {{tlsProtocols}} --statsEnabled {{statsEnabled}} --tlsRenegotiation {{tlsRenegotiation}} --logRequestDetails {{logRequestDetails}}"
 
+  dockerLinuxKestrelServer:
+    sources:
+      dockerKestrel:
+        repository: https://github.com/aspnet/benchmarks.git
+        branchOrCommit: main
+    dockerFile: dockerKestrel/src/BenchmarksApps/TLS/Kestrel/Dockerfile
+    dockerImageName: dockerKestrel
+    dockerContextDirectory: dockerKestrel/src/BenchmarksApps/TLS/Kestrel
+    port: 8080
+    readyStateText: Application started.
+    environmentVariables:
+      urls: "https://*:8080" # any ip, port 8080
+      mTLS: false
+      tlsRenegotiation: false
+      certValidationConsoleEnabled: false
+      statsEnabled: false  
+
 scenarios:
 
 # HTTP.SYS
@@ -145,4 +161,59 @@ scenarios:
         serverScheme: https
         certPath: https://raw.githubusercontent.com/aspnet/Benchmarks/refs/heads/main/src/BenchmarksApps/TLS/Kestrel/testCert.pfx
         certPwd: testPassword
+        sslProtocol: tls12
+
+# Kestrel in Docker
+  tls-handshakes-docker-openssl-332:
+    application:
+      job: dockerLinuxKestrelServer
+      buildArguments: 
+        # openssl version to install
+        - OPENSSL_VERSION="3.3.2-r4"
+        # lookup for openssl+branch version here https://pkgs.alpinelinux.org/packages?name=openssl&branch=v3.20&repo=&arch=x86_64
+        - ALPINE_BRANCH="v3.21"
+    load:
+      job: httpclient
+      variables:
+        path: /hello-world
+        serverPort: 8080
+        presetHeaders: connectionclose
+        connections: 32
+        serverScheme: https
+        sslProtocol: tls12
+
+  tls-handshakes-docker-openssl-111:
+    application:
+      job: dockerLinuxKestrelServer
+      buildArguments: 
+        # openssl version to install
+        - OPENSSL_VERSION="1.1.1w-r1"
+        # lookup for openssl+branch version here https://pkgs.alpinelinux.org/packages?name=openssl&branch=v3.20&repo=&arch=x86_64
+        - ALPINE_BRANCH="v3.16"
+    load:
+      job: httpclient
+      variables:
+        path: /hello-world
+        serverPort: 8080
+        presetHeaders: connectionclose
+        connections: 32
+        serverScheme: https
+        sslProtocol: tls12
+
+  tls-handshakes-docker-openssl-3015:
+    application:
+      job: dockerLinuxKestrelServer
+      buildArguments: 
+        # openssl version to install
+        - OPENSSL_VERSION="3.0.15-r1"
+        # lookup for openssl+branch version here https://pkgs.alpinelinux.org/packages?name=openssl&branch=v3.20&repo=&arch=x86_64
+        - ALPINE_BRANCH="v3.17"
+    load:
+      job: httpclient
+      variables:
+        path: /hello-world
+        serverPort: 8080
+        presetHeaders: connectionclose
+        connections: 32
+        serverScheme: https
         sslProtocol: tls12
\ No newline at end of file
diff --git a/src/BenchmarksApps/TLS/Kestrel/.dockerignore b/src/BenchmarksApps/TLS/Kestrel/.dockerignore
new file mode 100644
index 000000000..fe1152bdb
--- /dev/null
+++ b/src/BenchmarksApps/TLS/Kestrel/.dockerignore
@@ -0,0 +1,30 @@
+**/.classpath
+**/.dockerignore
+**/.env
+**/.git
+**/.gitignore
+**/.project
+**/.settings
+**/.toolstarget
+**/.vs
+**/.vscode
+**/*.*proj.user
+**/*.dbmdl
+**/*.jfm
+**/azds.yaml
+**/bin
+**/charts
+**/docker-compose*
+**/Dockerfile*
+**/node_modules
+**/npm-debug.log
+**/obj
+**/secrets.dev.yaml
+**/values.dev.yaml
+LICENSE
+README.md
+!**/.gitignore
+!.git/HEAD
+!.git/config
+!.git/packed-refs
+!.git/refs/heads/**
\ No newline at end of file
diff --git a/src/BenchmarksApps/TLS/Kestrel/Dockerfile b/src/BenchmarksApps/TLS/Kestrel/Dockerfile
new file mode 100644
index 000000000..3be617b54
--- /dev/null
+++ b/src/BenchmarksApps/TLS/Kestrel/Dockerfile
@@ -0,0 +1,38 @@
+# This stage is used when running from VS in fast mode (Default for Debug configuration)
+FROM mcr.microsoft.com/dotnet/aspnet:9.0-alpine AS base
+USER root
+WORKDIR /app
+EXPOSE 8080
+EXPOSE 8081
+
+# Define a build argument for the OpenSSL version
+# lookup for openssl+branch version here https://pkgs.alpinelinux.org/packages?name=openssl&branch=v3.20&repo=&arch=x86_64
+ARG OPENSSL_VERSION=1.1.1w-r1
+ARG ALPINE_BRANCH=v3.16
+
+# Add the specified Alpine branch repository and install OpenSSL
+RUN echo "http://dl-cdn.alpinelinux.org/alpine/${ALPINE_BRANCH}/main" >> /etc/apk/repositories && \
+    apk add --no-cache openssl=${OPENSSL_VERSION} wget perl build-base && \
+    rm -rf /var/lib/apt/lists/*
+
+# This stage is used to build the service project
+FROM mcr.microsoft.com/dotnet/sdk:9.0-alpine AS build
+ARG BUILD_CONFIGURATION=Release
+WORKDIR /src
+COPY ["Kestrel.csproj", "."]
+RUN dotnet restore "./Kestrel.csproj"
+COPY . .
+WORKDIR "/src/."
+RUN dotnet build "./Kestrel.csproj" -c $BUILD_CONFIGURATION -o /app/build
+
+# This stage is used to publish the service project to be copied to the final stage
+FROM build AS publish
+ARG BUILD_CONFIGURATION=Release
+RUN dotnet publish "./Kestrel.csproj" -c $BUILD_CONFIGURATION -o /app/publish /p:UseAppHost=false
+
+# This stage is used in production or when running from VS in regular mode (Default when not using the Debug configuration)
+FROM base AS final
+WORKDIR /app
+COPY --from=publish /app/publish .
+
+ENTRYPOINT [ "dotnet", "Kestrel.dll" ]
\ No newline at end of file
diff --git a/src/BenchmarksApps/TLS/Kestrel/Kestrel.csproj b/src/BenchmarksApps/TLS/Kestrel/Kestrel.csproj
index f1158dd58..418d7adf5 100644
--- a/src/BenchmarksApps/TLS/Kestrel/Kestrel.csproj
+++ b/src/BenchmarksApps/TLS/Kestrel/Kestrel.csproj
@@ -4,10 +4,14 @@
     <TargetFramework>net9.0</TargetFramework>
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
+    <DockerDefaultTargetOS>Linux</DockerDefaultTargetOS>
+    <DockerfileContext>.</DockerfileContext>
+    <UserSecretsId>1b89f0d2-44eb-4070-94ec-e963a14ec8b0</UserSecretsId>
   </PropertyGroup>
 
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.Authentication.Certificate" Version="9.0.0" />
+    <PackageReference Include="Microsoft.VisualStudio.Azure.Containers.Tools.Targets" Version="1.21.0" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/BenchmarksApps/TLS/Kestrel/Program.cs b/src/BenchmarksApps/TLS/Kestrel/Program.cs
index 4d218dede..d4ad8ef25 100644
--- a/src/BenchmarksApps/TLS/Kestrel/Program.cs
+++ b/src/BenchmarksApps/TLS/Kestrel/Program.cs
@@ -1,5 +1,7 @@
+using System.Diagnostics;
 using System.Net;
 using System.Net.Security;
+using System.Runtime.InteropServices;
 using System.Security.Authentication;
 using System.Security.Cryptography.X509Certificates;
 using Microsoft.AspNetCore.Authentication.Certificate;
@@ -9,6 +11,8 @@
 using Microsoft.AspNetCore.Server.Kestrel.Core;
 using Microsoft.AspNetCore.Server.Kestrel.Https;
 
+Console.WriteLine("Starting application...");
+
 var builder = WebApplication.CreateBuilder(args);
 builder.Logging.ClearProviders();
 
@@ -156,6 +160,7 @@ bool AllowAnyCertificateValidationWithLogging(X509Certificate2 certificate, X509
 await app.StartAsync();
 
 Console.WriteLine("Application Info:");
+LogOpenSSLVersion();
 if (mTlsEnabled)
 {
     Console.WriteLine($"\tmTLS is enabled (client cert is required)");
@@ -219,4 +224,30 @@ static IPEndPoint CreateIPEndPoint(UrlPrefix urlPrefix)
     }
 
     return protocols;
+}
+
+static void LogOpenSSLVersion()
+{
+    if (!(OperatingSystem.IsLinux() || OperatingSystem.IsMacOS()))
+    {
+        return;
+    }
+
+    using var process = new Process()
+    {
+        StartInfo =
+        {
+            FileName = "/usr/bin/env",
+            Arguments = "openssl version",
+            RedirectStandardOutput = true,
+            RedirectStandardError = true,
+            UseShellExecute = false,
+            CreateNoWindow = true
+        },
+    };
+
+    process.Start();
+    process.WaitForExit();
+    var output = process.StandardOutput.ReadToEnd();
+    Console.WriteLine(output);
 }
\ No newline at end of file
diff --git a/src/BenchmarksApps/TLS/Kestrel/Properties/launchSettings.json b/src/BenchmarksApps/TLS/Kestrel/Properties/launchSettings.json
index 1c7821006..afc0240db 100644
--- a/src/BenchmarksApps/TLS/Kestrel/Properties/launchSettings.json
+++ b/src/BenchmarksApps/TLS/Kestrel/Properties/launchSettings.json
@@ -1,15 +1,26 @@
-{
-  "$schema": "http://json.schemastore.org/launchsettings.json",
+{
   "profiles": {
     "https": {
       "commandName": "Project",
-      "dotnetRunMessages": true,
       "launchBrowser": true,
       "launchUrl": "hello-world",
-      "applicationUrl": "https://localhost:5000;http://localhost:5001",
       "environmentVariables": {
         "ASPNETCORE_ENVIRONMENT": "Development"
-      }
+      },
+      "dotnetRunMessages": true,
+      "applicationUrl": "https://localhost:5000;http://localhost:5001"
+    },
+    "Container (Dockerfile)": {
+      "commandName": "Docker",
+      "launchBrowser": true,
+      "launchUrl": "{Scheme}://{ServiceHost}:{ServicePort}/hello-world",
+      "environmentVariables": {
+        "ASPNETCORE_HTTPS_PORTS": "8080",
+        "ASPNETCORE_HTTP_PORTS": "8081"
+      },
+      "publishAllPorts": true,
+      "useSSL": true
     }
-  }
-}
+  },
+  "$schema": "http://json.schemastore.org/launchsettings.json"
+}
\ No newline at end of file