diff --git a/tests/client/torture_auth_pkcs11.c b/tests/client/torture_auth_pkcs11.c
index 0a77f107..15c0259c 100644
--- a/tests/client/torture_auth_pkcs11.c
+++ b/tests/client/torture_auth_pkcs11.c
@@ -240,6 +240,14 @@ int torture_run_tests(void) {
                                         session_teardown),
     };
 
+    /* Do not use system openssl.cnf for the pkcs11 uri tests.
+     * It can load a pkcs11 provider too early before we will set up environment
+     * variables that are needed for the pkcs11 provider to access correct
+     * tokens, causing unexpected failures.
+     * Make sure this comes before ssh_init(), which initializes OpenSSL!
+     */
+    setenv("OPENSSL_CONF", "/dev/null", 1);
+
     ssh_init();
     torture_filter_tests(tests);
     rc = cmocka_run_group_tests(tests, sshd_setup, sshd_teardown);
diff --git a/tests/unittests/torture_pki_ecdsa_uri.c b/tests/unittests/torture_pki_ecdsa_uri.c
index fd3088b8..48494278 100644
--- a/tests/unittests/torture_pki_ecdsa_uri.c
+++ b/tests/unittests/torture_pki_ecdsa_uri.c
@@ -563,6 +563,14 @@ int torture_run_tests(void) {
     ssh_session session = ssh_new();
     int verbosity = SSH_LOG_FUNCTIONS;
 
+    /* Do not use system openssl.cnf for the pkcs11 uri tests.
+     * It can load a pkcs11 provider too early before we will set up environment
+     * variables that are needed for the pkcs11 provider to access correct
+     * tokens, causing unexpected failures.
+     * Make sure this comes before ssh_init(), which initializes OpenSSL!
+     */
+    setenv("OPENSSL_CONF", "/dev/null", 1);
+
     ssh_init();
     ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
 
diff --git a/tests/unittests/torture_pki_rsa_uri.c b/tests/unittests/torture_pki_rsa_uri.c
index d57a002d..5c2429f7 100644
--- a/tests/unittests/torture_pki_rsa_uri.c
+++ b/tests/unittests/torture_pki_rsa_uri.c
@@ -285,7 +285,16 @@ torture_run_tests(void)
     ssh_session session = ssh_new();
     int verbosity = SSH_LOG_FUNCTIONS;
 
+    /* Do not use system openssl.cnf for the pkcs11 uri tests.
+     * It can load a pkcs11 provider too early before we will set up environment
+     * variables that are needed for the pkcs11 provider to access correct
+     * tokens, causing unexpected failures.
+     * Make sure this comes before ssh_init(), which initializes OpenSSL!
+     */
+    setenv("OPENSSL_CONF", "/dev/null", 1);
+
     ssh_options_set(session, SSH_OPTIONS_LOG_VERBOSITY, &verbosity);
+
     ssh_init();
 
     torture_filter_tests(tests);