diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 867f0205..3d4e9d04 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -251,7 +251,6 @@ fedora/valgrind/libgcrypt:
   variables:
     CMAKE_ADDITIONAL_OPTIONS: -DWITH_GCRYPT=ON
   extends: .valgrind
-  allow_failure: true
 
 # Address sanitizer doesn't mix well with LD_PRELOAD used in the testsuite
 # so, this is only enabled for unit tests right now.
diff --git a/tests/valgrind.supp b/tests/valgrind.supp
index 90255ad4..31dc984c 100644
--- a/tests/valgrind.supp
+++ b/tests/valgrind.supp
@@ -163,9 +163,7 @@
    fun:ssh_crypto_init
    fun:_ssh_init
    fun:libssh_constructor
-   fun:call_init
-   fun:__libc_start_main@@GLIBC_2.34
-   fun:(below main)
+   ...
 }
 {
    randomize in libgcrypt keeps some memory around
@@ -173,10 +171,6 @@
    match-leak-kinds: reachable
    fun:malloc
    ...
-   fun:_gcry_xmalloc
-   fun:_gcry_xcalloc
-   fun:initialize.lto_priv.0
-   fun:_gcry_rngcsprng_randomize
    fun:ssh_get_random
    ...
 }
@@ -186,14 +180,24 @@
    match-leak-kinds: reachable
    fun:malloc
    ...
-   fun:_gcry_xmalloc
-   fun:_gcry_mpi_alloc
-   fun:_gcry_mpi_scan
-   fun:ec_p_init.lto_priv.0
-   ...
-   fun:_gcry_mpi_ec_internal_new
-   fun:ecc_sign.lto_priv.0
-   fun:_gcry_pk_sign
    fun:gcry_pk_sign
    ...
 }
+{
+   EC key operation allocs some reachable memory
+   Memcheck:Leak
+   match-leak-kinds: reachable
+   fun:malloc
+   ...
+   fun:gcry_pk_verify
+   ...
+}
+{
+   EC key generation allocs some reachable memory
+   Memcheck:Leak
+   match-leak-kinds: reachable
+   fun:malloc
+   ...
+   fun:gcry_pk_genkey
+   ...
+}