diff --git a/Jenkinsfile b/Jenkinsfile
index 5ace58a6..4252cd03 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -141,7 +141,7 @@ pipeline {
                         sh 'make PACKAGE_TYPE=deb RESTY_IMAGE_BASE=ubuntu RESTY_IMAGE_TAG=22.04 SSL_PROVIDER=boringssl package-kong test cleanup'
                     }
                 }
-                stage('Kong EE 3.0.0.0'){
+                stage('Kong EE master'){
                     agent {
                         node {
                             label 'bionic'
@@ -150,7 +150,7 @@ pipeline {
                     environment {
                         GITHUB_SSH_KEY = credentials('github_bot_ssh_key')
                         PATH = "/home/ubuntu/bin/:${env.PATH}"
-                        KONG_SOURCE = "3.0.0.0"
+                        KONG_SOURCE = "master"
                     }
                     options {
                         retry(2)
diff --git a/lua-kong-nginx-module b/lua-kong-nginx-module
index 447bbf80..fec73310 160000
--- a/lua-kong-nginx-module
+++ b/lua-kong-nginx-module
@@ -1 +1 @@
-Subproject commit 447bbf8002d9db78e687b710f6209708437bfb90
+Subproject commit fec73310688b16da974a97e52bf27aa9c698bfaa
diff --git a/openresty-patches/patches/1.21.4.1/nginx-1.21.4_03-stream_proxy_ssl_disable.patch b/openresty-patches/patches/1.21.4.1/nginx-1.21.4_03-stream_proxy_ssl_disable.patch
deleted file mode 100644
index 0d3daf3f..00000000
--- a/openresty-patches/patches/1.21.4.1/nginx-1.21.4_03-stream_proxy_ssl_disable.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-diff --git a/nginx-1.21.4/src/stream/ngx_stream_proxy_module.c b/nginx-1.21.4/src/stream/ngx_stream_proxy_module.c
-index 09493135..fc8f8479 100644
---- a/nginx-1.21.4/src/stream/ngx_stream_proxy_module.c
-+++ b/nginx-1.21.4/src/stream/ngx_stream_proxy_module.c
-@@ -8,6 +8,9 @@
- #include <ngx_config.h>
- #include <ngx_core.h>
- #include <ngx_stream.h>
-+#if (NGX_STREAM_LUA_KONG)
-+#include <ngx_stream_lua_kong_module.h>
-+#endif
-
-
- typedef struct {
-@@ -821,8 +824,18 @@ ngx_stream_proxy_init_upstream(ngx_stream_session_t *s)
-
- #if (NGX_STREAM_SSL)
-
-+#if (NGX_STREAM_LUA_KONG)
-+
-+    if (pc->type == SOCK_STREAM && pscf->ssl
-+        && !ngx_stream_lua_kong_get_proxy_ssl_disable(s))
-+    {
-+
-+#else
-+
-     if (pc->type == SOCK_STREAM && pscf->ssl) {
-
-+#endif
-+
-         if (u->proxy_protocol) {
-             if (ngx_stream_proxy_send_proxy_protocol(s) != NGX_OK) {
-                 return;
diff --git a/openresty-patches/patches/1.21.4.1/nginx-1.21.4_03-stream_upstream_client_certificate_and_ssl_verify.patch b/openresty-patches/patches/1.21.4.1/nginx-1.21.4_03-stream_upstream_client_certificate_and_ssl_verify.patch
new file mode 100644
index 00000000..7ee83b4b
--- /dev/null
+++ b/openresty-patches/patches/1.21.4.1/nginx-1.21.4_03-stream_upstream_client_certificate_and_ssl_verify.patch
@@ -0,0 +1,78 @@
+diff --git a/nginx-1.21.4/src/stream/ngx_stream_proxy_module.c b/nginx-1.21.4/src/stream/ngx_stream_proxy_module.c
+index b11c288..4ae9e7b 100644
+--- a/nginx-1.21.4/src/stream/ngx_stream_proxy_module.c
++++ b/nginx-1.21.4/src/stream/ngx_stream_proxy_module.c
+@@ -8,6 +8,9 @@
+ #include <ngx_config.h>
+ #include <ngx_core.h>
+ #include <ngx_stream.h>
++#if (NGX_STREAM_LUA_KONG)
++#include <ngx_stream_lua_kong_module.h>
++#endif
+ 
+ 
+ typedef struct {
+@@ -821,8 +824,18 @@ ngx_stream_proxy_init_upstream(ngx_stream_session_t *s)
+ 
+ #if (NGX_STREAM_SSL)
+ 
++#if (NGX_STREAM_LUA_KONG)
++
++    if (pc->type == SOCK_STREAM && pscf->ssl
++        && !ngx_stream_lua_kong_get_proxy_ssl_disable(s))
++    {
++
++#else
++
+     if (pc->type == SOCK_STREAM && pscf->ssl) {
+ 
++#endif
++
+         if (u->proxy_protocol) {
+             if (ngx_stream_proxy_send_proxy_protocol(s) != NGX_OK) {
+                 return;
+@@ -1085,7 +1098,16 @@ ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s)
+         return;
+     }
+ 
+-    if (pscf->ssl_server_name || pscf->ssl_verify) {
++#if (NGX_STREAM_LUA_KONG)
++
++    if (pscf->ssl_server_name || ngx_stream_lua_kong_get_upstream_ssl_verify(s, pscf->ssl_verify)) {    
++
++#else
++
++     if (pscf->ssl_server_name || pscf->ssl_verify) {
++
++#endif
++
+         if (ngx_stream_proxy_ssl_name(s) != NGX_OK) {
+             ngx_stream_proxy_finalize(s, NGX_STREAM_INTERNAL_SERVER_ERROR);
+             return;
+@@ -1110,6 +1132,10 @@ ngx_stream_proxy_ssl_init_connection(ngx_stream_session_t *s)
+         }
+     }
+ 
++#if (NGX_STREAM_LUA_KONG)
++    ngx_stream_lua_kong_set_upstream_ssl(s, pc);
++#endif
++
+     s->connection->log->action = "SSL handshaking to upstream";
+ 
+     rc = ngx_ssl_handshake(pc);
+@@ -1142,7 +1168,15 @@ ngx_stream_proxy_ssl_handshake(ngx_connection_t *pc)
+ 
+     if (pc->ssl->handshaked) {
+ 
++#if (NGX_STREAM_LUA_KONG)
++
++		if (ngx_stream_lua_kong_get_upstream_ssl_verify(s, pscf->ssl_verify)) {    
++
++#else
++
+         if (pscf->ssl_verify) {
++
++#endif
+             rc = SSL_get_verify_result(pc->ssl->connection);
+ 
+             if (rc != X509_V_OK) {