diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ae7fb8a4d..4dbb45cc6 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -10,7 +10,7 @@ on:
 jobs:
   linux:
     name: Linux (${{ matrix.backend }})
-    runs-on: ubuntu-20.04 # for OpenSSL 1.1.1
+    runs-on: ubuntu-24.04
     strategy:
       fail-fast: false
       matrix:
@@ -23,6 +23,13 @@ jobs:
         run: |
           sudo apt update -qq
           sudo apt install libcppunit-dev libbotan-2-dev p11-kit
+          # Replace installed OpenSSL with the supported version 1.1.1
+          curl -O http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.24_amd64.deb
+          curl -O http://security.ubuntu.com/ubuntu/pool/main/o/openssl/libssl-dev_1.1.1f-1ubuntu2.24_amd64.deb
+          curl -O http://security.ubuntu.com/ubuntu/pool/main/o/openssl/openssl_1.1.1f-1ubuntu2.24_amd64.deb
+          sudo dpkg -i --force-confnew openssl_1.1.1f-1ubuntu2.24_amd64.deb \
+                                       libssl1.1_1.1.1f-1ubuntu2.24_amd64.deb \
+                                       libssl-dev_1.1.1f-1ubuntu2.24_amd64.deb
       - name: Build
         env:
           CXXFLAGS: -Werror -DBOTAN_NO_DEPRECATED_WARNINGS
diff --git a/src/lib/test/ForkTests.cpp b/src/lib/test/ForkTests.cpp
index b6b113a5b..0c85c840a 100644
--- a/src/lib/test/ForkTests.cpp
+++ b/src/lib/test/ForkTests.cpp
@@ -40,6 +40,7 @@
 #include "osmutex.h"
 
 #include <sys/types.h>
+#include <sys/wait.h>
 #include <unistd.h>
 
 CPPUNIT_TEST_SUITE_REGISTRATION(ForkTests);
@@ -64,6 +65,7 @@ void ForkTests::testFork()
 {
 	CK_RV rv;
 	pid_t pid;
+	int status;
 
 	// Just make sure that we finalize any previous failed tests
 	CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
@@ -78,12 +80,20 @@ void ForkTests::testFork()
 			CPPUNIT_FAIL("Fork failed");
 			break;
 		case 0:
+			/* For the child, the token is expected to still be initialized. */
 			rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
 			CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_ALREADY_INITIALIZED);
+			rv = CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
+			CPPUNIT_ASSERT(rv == CKR_OK);
+			_exit(EXIT_SUCCESS);
 			break;
 		default:
+			/* For the parent, the token is expected to still be initialized. */
 			rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
 			CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_ALREADY_INITIALIZED);
+			/* Wait for the child process to finish and check its status. */
+			CPPUNIT_ASSERT(waitpid(pid, &status, 0) == pid);
+			CPPUNIT_ASSERT(WIFEXITED(status) && WEXITSTATUS(status) == EXIT_SUCCESS);
 			break;
 	}
 
@@ -95,6 +105,7 @@ void ForkTests::testResetOnFork()
 {
 	CK_RV rv;
 	pid_t pid;
+	int status;
 
 	// Just make sure that we finalize any previous failed tests
 	CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
@@ -118,11 +129,17 @@ void ForkTests::testResetOnFork()
 			/* For the child, the token is expected to be reset on fork */
 			rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
 			CPPUNIT_ASSERT(rv == CKR_OK);
+			rv = CRYPTOKI_F_PTR( C_Finalize(NULL_PTR) );
+			CPPUNIT_ASSERT(rv == CKR_OK);
+			_exit(EXIT_SUCCESS);
 			break;
 		default:
 			/* For the parent, the token is expected to be still initialized */
 			rv = CRYPTOKI_F_PTR( C_Initialize(NULL_PTR) );
 			CPPUNIT_ASSERT(rv == CKR_CRYPTOKI_ALREADY_INITIALIZED);
+			/* Wait for the child process to finish and check its status. */
+			CPPUNIT_ASSERT(waitpid(pid, &status, 0) == pid);
+			CPPUNIT_ASSERT(WIFEXITED(status) && WEXITSTATUS(status) == EXIT_SUCCESS);
 			break;
 	}