diff --git a/driver/src/test/java/org/neo4j/driver/util/TemporalUtil.java b/driver/src/test/java/org/neo4j/driver/util/TemporalUtil.java
index be90a30e79..cb57cd18c8 100644
--- a/driver/src/test/java/org/neo4j/driver/util/TemporalUtil.java
+++ b/driver/src/test/java/org/neo4j/driver/util/TemporalUtil.java
@@ -65,8 +65,8 @@ public final class TemporalUtil {
             // `Unknown time-zone ID: US/Pacific-New`"
             "Pacific/Easter",
             "America/Ciudad_Juarez",
-            "Europe/Kyiv" // might have issues when running with dated TZ db
-            );
+            "Europe/Kyiv", // might have issues when running with dated TZ db
+            "America/Mazatlan");
 
     private TemporalUtil() {}
 
diff --git a/testkit/Dockerfile b/testkit/Dockerfile
index 4fbcb50e5a..a99ce64ff5 100644
--- a/testkit/Dockerfile
+++ b/testkit/Dockerfile
@@ -1,17 +1,32 @@
-# Install Maven 3.6, Java 11, Java 8 and Python3
-FROM maven:3.6.3-openjdk-8
+FROM debian:bullseye-slim
 
-RUN apt-get --quiet --quiet update \
-    && apt-get --quiet --quiet install -y bash python3 \
+ENV JAVA_HOME=/usr/lib/jvm/openjdk-8 \
+    PYTHON=python3
+
+RUN apt-get update && apt-get install -y \
+      ca-certificates \
+      curl \
+      apt-transport-https \
+      python3 \
+      p11-kit \
     && rm -rf /var/lib/apt/lists/*
 
-ENV PYTHON=python3
-ENV JAVA_HOME=/usr/local/openjdk-8
-ENV PATH=$JAVA_HOME/bin:$PATH
+# https://hub.docker.com/_/eclipse-temurin
+COPY --from=eclipse-temurin:8-jdk /opt/java/openjdk $JAVA_HOME
+
+COPY --from=maven:3.9.6-eclipse-temurin-8 /usr/share/maven /opt/apache-maven
 
 # Install our own CAs on the image.
 # Assumes Linux Debian based image.
 # JAVA_HOME needed by update-ca-certificates hook to update Java with changed system CAs.
 COPY CAs/* /usr/local/share/ca-certificates/
 COPY CustomCAs/* /usr/local/share/custom-ca-certificates/
-RUN update-ca-certificates
+RUN echo 'jdk.tls.disabledAlgorithms=jdk.tls.disabledAlgorithms=SSLv3, TLSv1, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL' > /testkit.java.security
+
+# https://github.com/adoptium/containers/issues/293
+# https://github.com/adoptium/containers/pull/392
+# https://github.com/adoptium/containers/blob/f6d4923380ecb1ec4b0d58c633ebb0aeed4c8332/17/jdk/ubuntu/jammy/entrypoint.sh#L23
+RUN update-ca-certificates \
+    && trust extract --overwrite --format=java-cacerts --filter=ca-anchors --purpose=server-auth "$JAVA_HOME/jre/lib/security/cacerts"
+
+ENV PATH=$JAVA_HOME/bin:/opt/apache-maven/bin:$PATH
diff --git a/testkit/backend.py b/testkit/backend.py
index 2865d0b305..3167f16851 100644
--- a/testkit/backend.py
+++ b/testkit/backend.py
@@ -10,7 +10,7 @@
 
 if __name__ == "__main__":
     subprocess.check_call(
-        ["java", "-Djdk.tls.client.protocols=TLSv1.3,TLSv1.2,TLSv1.1", "-jar", "testkit-backend/target/testkit-backend.jar",
+        ["java", "-Djava.security.properties=/testkit.java.security", "-jar", "testkit-backend/target/testkit-backend.jar",
         os.getenv('TEST_BACKEND_SERVER', '')],
         stdout=sys.stdout, stderr=sys.stderr
     )