diff --git a/recipes-connectivity/opendds/opendds/0002-gov-gen-uses-openssl-API-incorrectly.patch b/recipes-connectivity/opendds/opendds/0002-gov-gen-uses-openssl-API-incorrectly.patch
new file mode 100644
index 0000000..387027f
--- /dev/null
+++ b/recipes-connectivity/opendds/opendds/0002-gov-gen-uses-openssl-API-incorrectly.patch
@@ -0,0 +1,58 @@
+From 5a9bc8545f771742e48d31e1635e15f156cc9c17 Mon Sep 17 00:00:00 2001
+From: "Justin R. Wilson" <wilsonj@unityfoundation.io>
+Date: Wed, 17 Apr 2024 12:59:03 -0500
+Subject: [PATCH] `gov_gen` uses openssl API incorrectly
+
+Problem
+-------
+
+The `gov_gen` application generates governance files for testing and
+signs them with openssl.  `gov_gen` has a bug on Debian
+12.5 (openssl 3.0.11) where a null argument is passed.
+
+Solution
+--------
+
+Pass `mem` as the "in"" parameter and use `PKCS7_STREAM`.
+
+Upstream-Status: Backport [https://github.com/OpenDDS/OpenDDS/commit/270cae56421462db367cbe8d89cccd752108dd20]
+
+---
+ docs/news.d/gov-gen.rst               | 5 +++++
+ tests/security/attributes/gov_gen.cpp | 4 ++--
+ 2 files changed, 7 insertions(+), 2 deletions(-)
+ create mode 100644 docs/news.d/gov-gen.rst
+
+diff --git a/docs/news.d/gov-gen.rst b/docs/news.d/gov-gen.rst
+new file mode 100644
+index 0000000000..4a628c1659
+--- /dev/null
++++ b/docs/news.d/gov-gen.rst
+@@ -0,0 +1,5 @@
++.. news-prs: 4591
++
++.. news-start-section: Fixes
++- Fixed incorrect usage of OpenSSL in ``gov_gen`` application.
++.. news-end-section
+diff --git a/tests/security/attributes/gov_gen.cpp b/tests/security/attributes/gov_gen.cpp
+index ee1adbdf44..b35dd89ed4 100644
+--- a/tests/security/attributes/gov_gen.cpp
++++ b/tests/security/attributes/gov_gen.cpp
+@@ -403,7 +403,7 @@ int ACE_TMAIN(int argc, ACE_TCHAR* argv[])
+     return EXIT_FAILURE;
+   }
+ 
+-  PKCS7* p7 = PKCS7_sign(cert, key, NULL, NULL, PKCS7_TEXT | PKCS7_DETACHED);
++  PKCS7* p7 = PKCS7_sign(cert, key, NULL, mem, PKCS7_TEXT | PKCS7_DETACHED | PKCS7_STREAM);
+   if (!p7) {
+     std::cerr << "ERROR: could not sign" << std::endl;
+     print_ssl_error();
+@@ -418,7 +418,7 @@ int ACE_TMAIN(int argc, ACE_TCHAR* argv[])
+ 
+   }
+ 
+-  if (!SMIME_write_PKCS7(out, p7, mem, PKCS7_TEXT | PKCS7_DETACHED)) {
++  if (!SMIME_write_PKCS7(out, p7, mem, PKCS7_TEXT | PKCS7_DETACHED | PKCS7_STREAM)) {
+     std::cerr << "ERROR: could not write " << outpath << std::endl;
+     print_ssl_error();
+     return EXIT_FAILURE;
diff --git a/recipes-connectivity/opendds/opendds_3.28.0.bb b/recipes-connectivity/opendds/opendds_3.28.0.bb
index 9e72ff8..dea7ddf 100644
--- a/recipes-connectivity/opendds/opendds_3.28.0.bb
+++ b/recipes-connectivity/opendds/opendds_3.28.0.bb
@@ -12,6 +12,7 @@ SRC_URI = "\
     git://github.com/OpenDDS/OpenDDS.git;protocol=https;branch=${DDS_SRC_BRANCH};name=opendds \
     ${@bb.utils.contains('PACKAGECONFIG', 'doc-group3', '${DOC_TAO3_URI};name=ace_tao;unpack=0;subdir=git', '${DOC_TAO2_URI};name=ace_tao;unpack=0;subdir=git', d)} \
     ${@bb.utils.contains('PACKAGECONFIG', 'ishapes', 'file://0001-adding-the-ishapes-demo.patch', '', d)} \
+    file://0002-gov-gen-uses-openssl-API-incorrectly.patch \
 "
 
 require opendds.inc