diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index bc8379795d0b..71a0db14ca0b 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -21,7 +21,7 @@ env:
 
 jobs:
   linux:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     strategy:
       fail-fast: false
       matrix:
@@ -70,7 +70,7 @@ jobs:
             ~/.cargo/registry/src/
             ~/.cargo/git/db/
             src/rust/target/
-          key: ${{ runner.os }}-${{ matrix.PYTHON.VERSION }}-${{ steps.setup-python.outputs.python-version }}-cargo-3-${{ hashFiles('**/Cargo.lock') }}
+          key: ${{ runner.os }}-${{ matrix.PYTHON.VERSION }}-${{ steps.setup-python.outputs.python-version }}-cargo-4-${{ hashFiles('**/Cargo.lock') }}
 
       - uses: actions/checkout@v3.0.2
         timeout-minutes: 3
@@ -99,7 +99,7 @@ jobs:
           path: ${{ github.workspace }}/osslcache
           # When altering the openssl build process you may need to increment the value on the end of this cache key
           # so that you can prevent it from fetching the cache and skipping the build step.
-          key: ${{ matrix.PYTHON.OPENSSL.TYPE }}-${{ matrix.PYTHON.OPENSSL.VERSION }}-${{ env.CONFIG_HASH }}-2
+          key: ${{ matrix.PYTHON.OPENSSL.TYPE }}-${{ matrix.PYTHON.OPENSSL.VERSION }}-${{ env.CONFIG_HASH }}-3
         if: matrix.PYTHON.OPENSSL
       - name: Build custom OpenSSL/LibreSSL
         run: .github/workflows/build_openssl.sh
@@ -140,7 +140,7 @@ jobs:
           - {IMAGE: "ubuntu-focal", TOXENV: "py38"}
           - {IMAGE: "ubuntu-jammy", TOXENV: "py310"}
           - {IMAGE: "ubuntu-rolling", TOXENV: "py310"}
-          - {IMAGE: "fedora", TOXENV: "py310"}
+          - {IMAGE: "fedora", TOXENV: "py311"}
           - {IMAGE: "alpine", TOXENV: "py310"}
     name: "${{ matrix.IMAGE.TOXENV }} on ${{ matrix.IMAGE.IMAGE }}"
     timeout-minutes: 15
@@ -502,7 +502,7 @@ jobs:
           import pkg_resources
           import shutil
           import urllib.request
-          
+
           d = pkg_resources.get_distribution("cryptography")
           with urllib.request.urlopen("https://pypi.org/pypi/cryptography/json") as r:
               latest_version = json.load(r)["info"]["version"]
diff --git a/src/_cffi_src/openssl/crypto.py b/src/_cffi_src/openssl/crypto.py
index 4f1d29dcb0a1..fb95646452ec 100644
--- a/src/_cffi_src/openssl/crypto.py
+++ b/src/_cffi_src/openssl/crypto.py
@@ -75,7 +75,7 @@
 # define OPENSSL_DIR             SSLEAY_DIR
 #endif
 
-#if CRYPTOGRAPHY_IS_LIBRESSL
+#if CRYPTOGRAPHY_LIBRESSL_LESS_THAN_360
 static const long Cryptography_HAS_OPENSSL_CLEANUP = 0;
 void (*OPENSSL_cleanup)(void) = NULL;
 #else
diff --git a/src/_cffi_src/openssl/cryptography.py b/src/_cffi_src/openssl/cryptography.py
index f92dd2a0a2d9..44a69cd88f96 100644
--- a/src/_cffi_src/openssl/cryptography.py
+++ b/src/_cffi_src/openssl/cryptography.py
@@ -47,12 +47,15 @@
     (LIBRESSL_VERSION_NUMBER < 0x3040000f)
 #define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_350 \
     (LIBRESSL_VERSION_NUMBER < 0x3050000f)
+#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_360 \
+    (LIBRESSL_VERSION_NUMBER < 0x3060000f)
 
 #else
 #define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_322 (0)
 #define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_332 (0)
 #define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_340 (0)
 #define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_350 (0)
+#define CRYPTOGRAPHY_LIBRESSL_LESS_THAN_360 (0)
 #endif
 
 #if OPENSSL_VERSION_NUMBER < 0x10100000
diff --git a/src/cryptography/hazmat/primitives/serialization/ssh.py b/src/cryptography/hazmat/primitives/serialization/ssh.py
index e06b8230d29e..7125badb403d 100644
--- a/src/cryptography/hazmat/primitives/serialization/ssh.py
+++ b/src/cryptography/hazmat/primitives/serialization/ssh.py
@@ -174,7 +174,9 @@ class _FragList:
 
     flist: typing.List[bytes]
 
-    def __init__(self, init: typing.List[bytes] = None) -> None:
+    def __init__(
+        self, init: typing.Optional[typing.List[bytes]] = None
+    ) -> None:
         self.flist = []
         if init:
             self.flist.extend(init)
diff --git a/tests/hazmat/primitives/test_ec.py b/tests/hazmat/primitives/test_ec.py
index 707d23360743..e4844869c9c5 100644
--- a/tests/hazmat/primitives/test_ec.py
+++ b/tests/hazmat/primitives/test_ec.py
@@ -479,7 +479,9 @@ def test_load_invalid_ec_key_from_pem(self, backend):
         # BoringSSL rejects infinity points before it ever gets to us, so it
         # uses a more generic error message.
         match = (
-            "infinity" if not backend._lib.CRYPTOGRAPHY_IS_BORINGSSL else None
+            r"infinity|invalid form"
+            if not backend._lib.CRYPTOGRAPHY_IS_BORINGSSL
+            else None
         )
         with pytest.raises(ValueError, match=match):
             serialization.load_pem_public_key(
diff --git a/tests/test_interfaces.py b/tests/test_interfaces.py
index 302edb93e3bf..3e0933447fc4 100644
--- a/tests/test_interfaces.py
+++ b/tests/test_interfaces.py
@@ -58,7 +58,7 @@ def property(self):
     def test_signature_mismatch(self):
         class SimpleInterface(metaclass=abc.ABCMeta):
             @abc.abstractmethod
-            def method(self, other: object) -> int:
+            def method(self, other: object):
                 """Method with signature"""
 
         class ClassWithoutSignature:
@@ -66,7 +66,7 @@ def method(self, other):
                 """Method without signature"""
 
         class ClassWithSignature:
-            def method(self, other: object) -> int:
+            def method(self, other: object):
                 """Method with signature"""
 
         verify_interface(SimpleInterface, ClassWithoutSignature)