diff --git a/LibGit2Sharp/Core/NativeMethods.cs b/LibGit2Sharp/Core/NativeMethods.cs
index cf717138d..d78921d59 100644
--- a/LibGit2Sharp/Core/NativeMethods.cs
+++ b/LibGit2Sharp/Core/NativeMethods.cs
@@ -102,12 +102,37 @@ private static IntPtr ResolveDll(string libraryName, Assembly assembly, DllImpor
                 // libc/OpenSSL libraries. Try them out.
                 if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux))
                 {
-                    // The libraries are located at 'runtimes/<rid>/native/lib{libraryName}.so'
-                    // The <rid> ends with the processor architecture. e.g. fedora-x64.
                     string assemblyDirectory = Path.GetDirectoryName(AppContext.BaseDirectory);
                     string processorArchitecture = RuntimeInformation.ProcessArchitecture.ToString().ToLowerInvariant();
                     string runtimesDirectory = Path.Combine(assemblyDirectory, "runtimes");
 
+                    // The default libgit2 binary is linked against OpenSSL 3. On hosts that have only
+                    // libcrypto.so.1.1 fall back to the OpenSSL-1.1 variant shipped alongside it. We probe
+                    // both layouts: flat (self-contained publish copies natives next to the assembly) and
+                    // 'runtimes/<rid>/native/' (framework-dependent / build output).
+                    if (!NativeLibrary.TryLoad("libcrypto.so.3", out _) && NativeLibrary.TryLoad("libcrypto.so.1.1", out _))
+                    {
+                        string variantFile = $"lib{libraryName}-openssl1.1.so";
+
+                        string flatVariantPath = Path.Combine(assemblyDirectory, variantFile);
+                        if (NativeLibrary.TryLoad(flatVariantPath, out handle))
+                        {
+                            return handle;
+                        }
+
+                        if (Directory.Exists(runtimesDirectory))
+                        {
+                            foreach (var runtimeFolder in Directory.GetDirectories(runtimesDirectory, $"*-{processorArchitecture}"))
+                            {
+                                string variantPath = Path.Combine(runtimeFolder, "native", variantFile);
+                                if (NativeLibrary.TryLoad(variantPath, out handle))
+                                {
+                                    return handle;
+                                }
+                            }
+                        }
+                    }
+
                     if (Directory.Exists(runtimesDirectory))
                     {
                         foreach (var runtimeFolder in Directory.GetDirectories(runtimesDirectory, $"*-{processorArchitecture}"))
diff --git a/LibGit2Sharp/LibGit2Sharp.csproj b/LibGit2Sharp/LibGit2Sharp.csproj
index befb596eb..3526c8c7c 100644
--- a/LibGit2Sharp/LibGit2Sharp.csproj
+++ b/LibGit2Sharp/LibGit2Sharp.csproj
@@ -30,7 +30,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Octopus.LibGit2Sharp.NativeBinaries" Version="2.0.323-octopus.2" PrivateAssets="none" />
+    <PackageReference Include="Octopus.LibGit2Sharp.NativeBinaries" Version="2.0.323-octopus.2.octopus-em-build-for.48" PrivateAssets="none" />
     <PackageReference Include="MinVer" Version="6.0.0" PrivateAssets="all" />
   </ItemGroup>
 
diff --git a/LibGit2Sharp/SshUserKeyCredentials.cs b/LibGit2Sharp/SshKeyCredentials.cs
similarity index 87%
rename from LibGit2Sharp/SshUserKeyCredentials.cs
rename to LibGit2Sharp/SshKeyCredentials.cs
index d7629961e..eb61d2ad9 100644
--- a/LibGit2Sharp/SshUserKeyCredentials.cs
+++ b/LibGit2Sharp/SshKeyCredentials.cs
@@ -6,7 +6,7 @@ namespace LibGit2Sharp
     /// <summary>
     /// Class that holds SSH username with key credentials for remote repository access.
     /// </summary>
-    public sealed class SshUserKeyCredentials : Credentials
+    public sealed class SshKeyCredentials : Credentials
     {
         /// <summary>
         /// Callback to acquire a credential object.
@@ -20,11 +20,6 @@ protected internal override int GitCredentialHandler(out IntPtr cred)
                 throw new InvalidOperationException("SshUserKeyCredentials contains a null Username.");
             }
 
-            if (Passphrase == null)
-            {
-                throw new InvalidOperationException("SshUserKeyCredentials contains a null Passphrase.");
-            }
-
             if (PrivateKey == null)
             {
                 throw new InvalidOperationException("SshUserKeyCredentials contains a null PrivateKey.");
diff --git a/LibGit2Sharp/SshUserKeyMemoryCredentials.cs b/LibGit2Sharp/SshKeyMemoryCredentials.cs
similarity index 87%
rename from LibGit2Sharp/SshUserKeyMemoryCredentials.cs
rename to LibGit2Sharp/SshKeyMemoryCredentials.cs
index 0ca851f9d..38c2a50b6 100644
--- a/LibGit2Sharp/SshUserKeyMemoryCredentials.cs
+++ b/LibGit2Sharp/SshKeyMemoryCredentials.cs
@@ -6,7 +6,7 @@ namespace LibGit2Sharp
     /// <summary>
     /// Class that holds SSH username with in-memory key credentials for remote repository access.
     /// </summary>
-    public sealed class SshUserKeyMemoryCredentials : Credentials
+    public sealed class SshKeyMemoryCredentials : Credentials
     {
         /// <summary>
         /// Callback to acquire a credential object.
@@ -20,11 +20,6 @@ protected internal override int GitCredentialHandler(out IntPtr cred)
                 throw new InvalidOperationException("SshUserKeyMemoryCredentials contains a null Username.");
             }
 
-            if (Passphrase == null)
-            {
-                throw new InvalidOperationException("SshUserKeyMemoryCredentials contains a null Passphrase.");
-            }
-
             if (PrivateKey == null)
             {
                 throw new InvalidOperationException("SshUserKeyMemoryCredentials contains a null PrivateKey.");