diff --git a/README.SUSE b/README.SUSE
index 46ae71a..3cc4b70 100644
--- a/README.SUSE
+++ b/README.SUSE
@@ -1,6 +1,6 @@
Currently, the supported back-end policies are:
* OpenSSL library
* GnuTLS library
- * OpenJDK (only for java-1_8_0-openjdk and java-11-openjdk)
+ * OpenJDK
The rest of the modules ignore the policy settings for the time being.
diff --git a/_service b/_service
index 9b955e3..aa62ea2 100644
--- a/_service
+++ b/_service
@@ -4,7 +4,7 @@
git
%cd.%h
enable
- 3d08ae70557e5a86686e5b24e443731bfdf232bb
+ 5f3458e619628288883f22695f3311f1ccd6a39f
*.tar
diff --git a/_servicedata b/_servicedata
index 424997b..85a7737 100644
--- a/_servicedata
+++ b/_servicedata
@@ -1,4 +1,4 @@
https://gitlab.com/redhat-crypto/fedora-crypto-policies.git
- 3d08ae70557e5a86686e5b24e443731bfdf232bb
\ No newline at end of file
+ 5f3458e619628288883f22695f3311f1ccd6a39f
\ No newline at end of file
diff --git a/crypto-policies-revert-rh-allow-sha1-signatures.patch b/crypto-policies-revert-rh-allow-sha1-signatures.patch
index 8c59d9b..abd2732 100644
--- a/crypto-policies-revert-rh-allow-sha1-signatures.patch
+++ b/crypto-policies-revert-rh-allow-sha1-signatures.patch
@@ -4,10 +4,10 @@ Date: Fri, 8 Apr 2022 13:47:29 +0200
Subject: openssl: disable SHA-1 signatures in FUTURE/NO-SHA1
-Index: fedora-crypto-policies-20230420.3d08ae7/policies/FUTURE.pol
+Index: fedora-crypto-policies-20230614.5f3458e/policies/FUTURE.pol
===================================================================
---- fedora-crypto-policies-20230420.3d08ae7.orig/policies/FUTURE.pol
-+++ fedora-crypto-policies-20230420.3d08ae7/policies/FUTURE.pol
+--- fedora-crypto-policies-20230614.5f3458e.orig/policies/FUTURE.pol
++++ fedora-crypto-policies-20230614.5f3458e/policies/FUTURE.pol
@@ -65,7 +65,3 @@ sha1_in_certs = 0
arbitrary_dh_groups = 1
ssh_certs = 1
@@ -16,10 +16,10 @@ Index: fedora-crypto-policies-20230420.3d08ae7/policies/FUTURE.pol
-# https://fedoraproject.org/wiki/Changes/StrongCryptoSettings3Forewarning1
-# SHA-1 signatures are blocked in OpenSSL in FUTURE only
-__openssl_block_sha1_signatures = 1
-Index: fedora-crypto-policies-20230420.3d08ae7/policies/modules/NO-SHA1.pmod
+Index: fedora-crypto-policies-20230614.5f3458e/policies/modules/NO-SHA1.pmod
===================================================================
---- fedora-crypto-policies-20230420.3d08ae7.orig/policies/modules/NO-SHA1.pmod
-+++ fedora-crypto-policies-20230420.3d08ae7/policies/modules/NO-SHA1.pmod
+--- fedora-crypto-policies-20230614.5f3458e.orig/policies/modules/NO-SHA1.pmod
++++ fedora-crypto-policies-20230614.5f3458e/policies/modules/NO-SHA1.pmod
@@ -3,7 +3,3 @@
hash = -SHA1
sign = -*-SHA1
@@ -28,10 +28,10 @@ Index: fedora-crypto-policies-20230420.3d08ae7/policies/modules/NO-SHA1.pmod
-# https://fedoraproject.org/wiki/Changes/StrongCryptoSettings3Preview1
-# SHA-1 signatures are blocked in OpenSSL in FUTURE only
-__openssl_block_sha1_signatures = 1
-Index: fedora-crypto-policies-20230420.3d08ae7/python/cryptopolicies/cryptopolicies.py
+Index: fedora-crypto-policies-20230614.5f3458e/python/cryptopolicies/cryptopolicies.py
===================================================================
---- fedora-crypto-policies-20230420.3d08ae7.orig/python/cryptopolicies/cryptopolicies.py
-+++ fedora-crypto-policies-20230420.3d08ae7/python/cryptopolicies/cryptopolicies.py
+--- fedora-crypto-policies-20230614.5f3458e.orig/python/cryptopolicies/cryptopolicies.py
++++ fedora-crypto-policies-20230614.5f3458e/python/cryptopolicies/cryptopolicies.py
@@ -19,7 +19,6 @@ from . import validation # moved out of
INT_DEFAULTS = {k: 0 for k in (
'arbitrary_dh_groups',
@@ -40,10 +40,10 @@ Index: fedora-crypto-policies-20230420.3d08ae7/python/cryptopolicies/cryptopolic
'sha1_in_certs',
'ssh_certs', 'ssh_etm',
)}
-Index: fedora-crypto-policies-20230420.3d08ae7/python/policygenerators/openssl.py
+Index: fedora-crypto-policies-20230614.5f3458e/python/policygenerators/openssl.py
===================================================================
---- fedora-crypto-policies-20230420.3d08ae7.orig/python/policygenerators/openssl.py
-+++ fedora-crypto-policies-20230420.3d08ae7/python/policygenerators/openssl.py
+--- fedora-crypto-policies-20230614.5f3458e.orig/python/policygenerators/openssl.py
++++ fedora-crypto-policies-20230614.5f3458e/python/policygenerators/openssl.py
@@ -7,14 +7,6 @@ from subprocess import check_output, Cal
from .configgenerator import ConfigGenerator
@@ -72,10 +72,10 @@ Index: fedora-crypto-policies-20230420.3d08ae7/python/policygenerators/openssl.p
return s
@classmethod
-Index: fedora-crypto-policies-20230420.3d08ae7/tests/alternative-policies/FUTURE.pol
+Index: fedora-crypto-policies-20230614.5f3458e/tests/alternative-policies/FUTURE.pol
===================================================================
---- fedora-crypto-policies-20230420.3d08ae7.orig/tests/alternative-policies/FUTURE.pol
-+++ fedora-crypto-policies-20230420.3d08ae7/tests/alternative-policies/FUTURE.pol
+--- fedora-crypto-policies-20230614.5f3458e.orig/tests/alternative-policies/FUTURE.pol
++++ fedora-crypto-policies-20230614.5f3458e/tests/alternative-policies/FUTURE.pol
@@ -71,7 +71,3 @@ sha1_in_dnssec = 0
arbitrary_dh_groups = 1
ssh_certs = 1
@@ -84,52 +84,52 @@ Index: fedora-crypto-policies-20230420.3d08ae7/tests/alternative-policies/FUTURE
-# https://fedoraproject.org/wiki/Changes/StrongCryptoSettings3Preview1
-# SHA-1 signatures are blocked in OpenSSL in FUTURE only
-__openssl_block_sha1_signatures = 1
-Index: fedora-crypto-policies-20230420.3d08ae7/tests/outputs/DEFAULT-opensslcnf.txt
+Index: fedora-crypto-policies-20230614.5f3458e/tests/outputs/DEFAULT-opensslcnf.txt
===================================================================
---- fedora-crypto-policies-20230420.3d08ae7.orig/tests/outputs/DEFAULT-opensslcnf.txt
-+++ fedora-crypto-policies-20230420.3d08ae7/tests/outputs/DEFAULT-opensslcnf.txt
+--- fedora-crypto-policies-20230614.5f3458e.orig/tests/outputs/DEFAULT-opensslcnf.txt
++++ fedora-crypto-policies-20230614.5f3458e/tests/outputs/DEFAULT-opensslcnf.txt
@@ -6,9 +6,3 @@ DTLS.MinProtocol = DTLSv1.2
DTLS.MaxProtocol = DTLSv1.2
SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
- Groups = X25519:X448:secp256r1:secp384r1:secp521r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
+ Groups = X25519:secp256r1:X448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
-
-[openssl_init]
-alg_section = evp_properties
-
-[evp_properties]
-rh-allow-sha1-signatures = yes
-Index: fedora-crypto-policies-20230420.3d08ae7/tests/outputs/DEFAULT:FEDORA32-opensslcnf.txt
+Index: fedora-crypto-policies-20230614.5f3458e/tests/outputs/DEFAULT:FEDORA32-opensslcnf.txt
===================================================================
---- fedora-crypto-policies-20230420.3d08ae7.orig/tests/outputs/DEFAULT:FEDORA32-opensslcnf.txt
-+++ fedora-crypto-policies-20230420.3d08ae7/tests/outputs/DEFAULT:FEDORA32-opensslcnf.txt
+--- fedora-crypto-policies-20230614.5f3458e.orig/tests/outputs/DEFAULT:FEDORA32-opensslcnf.txt
++++ fedora-crypto-policies-20230614.5f3458e/tests/outputs/DEFAULT:FEDORA32-opensslcnf.txt
@@ -6,9 +6,3 @@ DTLS.MinProtocol = DTLSv1
DTLS.MaxProtocol = DTLSv1.2
SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:ECDSA+SHA1:RSA+SHA1
- Groups = X25519:X448:secp256r1:secp384r1:secp521r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
+ Groups = X25519:secp256r1:X448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
-
-[openssl_init]
-alg_section = evp_properties
-
-[evp_properties]
-rh-allow-sha1-signatures = yes
-Index: fedora-crypto-policies-20230420.3d08ae7/tests/outputs/DEFAULT:GOST-opensslcnf.txt
+Index: fedora-crypto-policies-20230614.5f3458e/tests/outputs/DEFAULT:GOST-opensslcnf.txt
===================================================================
---- fedora-crypto-policies-20230420.3d08ae7.orig/tests/outputs/DEFAULT:GOST-opensslcnf.txt
-+++ fedora-crypto-policies-20230420.3d08ae7/tests/outputs/DEFAULT:GOST-opensslcnf.txt
+--- fedora-crypto-policies-20230614.5f3458e.orig/tests/outputs/DEFAULT:GOST-opensslcnf.txt
++++ fedora-crypto-policies-20230614.5f3458e/tests/outputs/DEFAULT:GOST-opensslcnf.txt
@@ -6,9 +6,3 @@ DTLS.MinProtocol = DTLSv1.2
DTLS.MaxProtocol = DTLSv1.2
SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
- Groups = X25519:X448:secp256r1:secp384r1:secp521r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
+ Groups = X25519:secp256r1:X448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
-
-[openssl_init]
-alg_section = evp_properties
-
-[evp_properties]
-rh-allow-sha1-signatures = yes
-Index: fedora-crypto-policies-20230420.3d08ae7/tests/outputs/EMPTY-opensslcnf.txt
+Index: fedora-crypto-policies-20230614.5f3458e/tests/outputs/EMPTY-opensslcnf.txt
===================================================================
---- fedora-crypto-policies-20230420.3d08ae7.orig/tests/outputs/EMPTY-opensslcnf.txt
-+++ fedora-crypto-policies-20230420.3d08ae7/tests/outputs/EMPTY-opensslcnf.txt
+--- fedora-crypto-policies-20230614.5f3458e.orig/tests/outputs/EMPTY-opensslcnf.txt
++++ fedora-crypto-policies-20230614.5f3458e/tests/outputs/EMPTY-opensslcnf.txt
@@ -2,9 +2,3 @@ CipherString = @SECLEVEL=0:-kPSK:-kDHEPS
Ciphersuites =
SignatureAlgorithms =
@@ -140,66 +140,52 @@ Index: fedora-crypto-policies-20230420.3d08ae7/tests/outputs/EMPTY-opensslcnf.tx
-
-[evp_properties]
-rh-allow-sha1-signatures = yes
-Index: fedora-crypto-policies-20230420.3d08ae7/tests/outputs/FIPS-opensslcnf.txt
+Index: fedora-crypto-policies-20230614.5f3458e/tests/outputs/FIPS-opensslcnf.txt
===================================================================
---- fedora-crypto-policies-20230420.3d08ae7.orig/tests/outputs/FIPS-opensslcnf.txt
-+++ fedora-crypto-policies-20230420.3d08ae7/tests/outputs/FIPS-opensslcnf.txt
+--- fedora-crypto-policies-20230614.5f3458e.orig/tests/outputs/FIPS-opensslcnf.txt
++++ fedora-crypto-policies-20230614.5f3458e/tests/outputs/FIPS-opensslcnf.txt
@@ -6,9 +6,3 @@ DTLS.MinProtocol = DTLSv1.2
DTLS.MaxProtocol = DTLSv1.2
SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
- Groups = secp256r1:secp384r1:secp521r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
+ Groups = secp256r1:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
-
-[openssl_init]
-alg_section = evp_properties
-
-[evp_properties]
-rh-allow-sha1-signatures = yes
-Index: fedora-crypto-policies-20230420.3d08ae7/tests/outputs/FIPS:ECDHE-ONLY-opensslcnf.txt
+Index: fedora-crypto-policies-20230614.5f3458e/tests/outputs/FIPS:ECDHE-ONLY-opensslcnf.txt
===================================================================
---- fedora-crypto-policies-20230420.3d08ae7.orig/tests/outputs/FIPS:ECDHE-ONLY-opensslcnf.txt
-+++ fedora-crypto-policies-20230420.3d08ae7/tests/outputs/FIPS:ECDHE-ONLY-opensslcnf.txt
+--- fedora-crypto-policies-20230614.5f3458e.orig/tests/outputs/FIPS:ECDHE-ONLY-opensslcnf.txt
++++ fedora-crypto-policies-20230614.5f3458e/tests/outputs/FIPS:ECDHE-ONLY-opensslcnf.txt
@@ -6,9 +6,3 @@ DTLS.MinProtocol = DTLSv1.2
DTLS.MaxProtocol = DTLSv1.2
SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
- Groups = secp256r1:secp384r1:secp521r1
+ Groups = secp256r1:secp521r1:secp384r1
-
-[openssl_init]
-alg_section = evp_properties
-
-[evp_properties]
-rh-allow-sha1-signatures = yes
-Index: fedora-crypto-policies-20230420.3d08ae7/tests/outputs/FIPS:OSPP-opensslcnf.txt
+Index: fedora-crypto-policies-20230614.5f3458e/tests/outputs/FUTURE-opensslcnf.txt
===================================================================
---- fedora-crypto-policies-20230420.3d08ae7.orig/tests/outputs/FIPS:OSPP-opensslcnf.txt
-+++ fedora-crypto-policies-20230420.3d08ae7/tests/outputs/FIPS:OSPP-opensslcnf.txt
-@@ -6,9 +6,3 @@ DTLS.MinProtocol = DTLSv1.2
- DTLS.MaxProtocol = DTLSv1.2
- SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512
- Groups = secp256r1:secp384r1:secp521r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
--
--[openssl_init]
--alg_section = evp_properties
--
--[evp_properties]
--rh-allow-sha1-signatures = yes
-Index: fedora-crypto-policies-20230420.3d08ae7/tests/outputs/FUTURE-opensslcnf.txt
-===================================================================
---- fedora-crypto-policies-20230420.3d08ae7.orig/tests/outputs/FUTURE-opensslcnf.txt
-+++ fedora-crypto-policies-20230420.3d08ae7/tests/outputs/FUTURE-opensslcnf.txt
+--- fedora-crypto-policies-20230614.5f3458e.orig/tests/outputs/FUTURE-opensslcnf.txt
++++ fedora-crypto-policies-20230614.5f3458e/tests/outputs/FUTURE-opensslcnf.txt
@@ -6,9 +6,3 @@ DTLS.MinProtocol = DTLSv1.2
DTLS.MaxProtocol = DTLSv1.2
SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512
- Groups = X25519:X448:secp256r1:secp384r1:secp521r1:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
+ Groups = X25519:secp256r1:X448:secp521r1:secp384r1:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
-
-[openssl_init]
-alg_section = evp_properties
-
-[evp_properties]
-rh-allow-sha1-signatures = no
-Index: fedora-crypto-policies-20230420.3d08ae7/tests/outputs/GOST-ONLY-opensslcnf.txt
+Index: fedora-crypto-policies-20230614.5f3458e/tests/outputs/GOST-ONLY-opensslcnf.txt
===================================================================
---- fedora-crypto-policies-20230420.3d08ae7.orig/tests/outputs/GOST-ONLY-opensslcnf.txt
-+++ fedora-crypto-policies-20230420.3d08ae7/tests/outputs/GOST-ONLY-opensslcnf.txt
+--- fedora-crypto-policies-20230614.5f3458e.orig/tests/outputs/GOST-ONLY-opensslcnf.txt
++++ fedora-crypto-policies-20230614.5f3458e/tests/outputs/GOST-ONLY-opensslcnf.txt
@@ -4,9 +4,3 @@ TLS.MinProtocol = TLSv1
TLS.MaxProtocol = TLSv1.3
SignatureAlgorithms =
@@ -210,38 +196,38 @@ Index: fedora-crypto-policies-20230420.3d08ae7/tests/outputs/GOST-ONLY-opensslcn
-
-[evp_properties]
-rh-allow-sha1-signatures = yes
-Index: fedora-crypto-policies-20230420.3d08ae7/tests/outputs/LEGACY-opensslcnf.txt
+Index: fedora-crypto-policies-20230614.5f3458e/tests/outputs/LEGACY-opensslcnf.txt
===================================================================
---- fedora-crypto-policies-20230420.3d08ae7.orig/tests/outputs/LEGACY-opensslcnf.txt
-+++ fedora-crypto-policies-20230420.3d08ae7/tests/outputs/LEGACY-opensslcnf.txt
+--- fedora-crypto-policies-20230614.5f3458e.orig/tests/outputs/LEGACY-opensslcnf.txt
++++ fedora-crypto-policies-20230614.5f3458e/tests/outputs/LEGACY-opensslcnf.txt
@@ -6,9 +6,3 @@ DTLS.MinProtocol = DTLSv1
DTLS.MaxProtocol = DTLSv1.2
SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512:DSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1
- Groups = X25519:X448:secp256r1:secp384r1:secp521r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
+ Groups = X25519:secp256r1:X448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
-
-[openssl_init]
-alg_section = evp_properties
-
-[evp_properties]
-rh-allow-sha1-signatures = yes
-Index: fedora-crypto-policies-20230420.3d08ae7/tests/outputs/LEGACY:AD-SUPPORT-opensslcnf.txt
+Index: fedora-crypto-policies-20230614.5f3458e/tests/outputs/LEGACY:AD-SUPPORT-opensslcnf.txt
===================================================================
---- fedora-crypto-policies-20230420.3d08ae7.orig/tests/outputs/LEGACY:AD-SUPPORT-opensslcnf.txt
-+++ fedora-crypto-policies-20230420.3d08ae7/tests/outputs/LEGACY:AD-SUPPORT-opensslcnf.txt
+--- fedora-crypto-policies-20230614.5f3458e.orig/tests/outputs/LEGACY:AD-SUPPORT-opensslcnf.txt
++++ fedora-crypto-policies-20230614.5f3458e/tests/outputs/LEGACY:AD-SUPPORT-opensslcnf.txt
@@ -6,9 +6,3 @@ DTLS.MinProtocol = DTLSv1
DTLS.MaxProtocol = DTLSv1.2
SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512:DSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1
- Groups = X25519:X448:secp256r1:secp384r1:secp521r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
+ Groups = X25519:secp256r1:X448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
-
-[openssl_init]
-alg_section = evp_properties
-
-[evp_properties]
-rh-allow-sha1-signatures = yes
-Index: fedora-crypto-policies-20230420.3d08ae7/tests/unit/test_cryptopolicy.py
+Index: fedora-crypto-policies-20230614.5f3458e/tests/unit/test_cryptopolicy.py
===================================================================
---- fedora-crypto-policies-20230420.3d08ae7.orig/tests/unit/test_cryptopolicy.py
-+++ fedora-crypto-policies-20230420.3d08ae7/tests/unit/test_cryptopolicy.py
+--- fedora-crypto-policies-20230614.5f3458e.orig/tests/unit/test_cryptopolicy.py
++++ fedora-crypto-policies-20230614.5f3458e/tests/unit/test_cryptopolicy.py
@@ -260,7 +260,6 @@ def test_cryptopolicy_to_string_empty(tm
min_dh_size = 0
min_dsa_size = 0
@@ -258,10 +244,10 @@ Index: fedora-crypto-policies-20230420.3d08ae7/tests/unit/test_cryptopolicy.py
sha1_in_certs = 0
ssh_certs = 0
ssh_etm = 0
-Index: fedora-crypto-policies-20230420.3d08ae7/policies/TEST-FEDORA39.pol
+Index: fedora-crypto-policies-20230614.5f3458e/policies/TEST-FEDORA39.pol
===================================================================
---- fedora-crypto-policies-20230420.3d08ae7.orig/policies/TEST-FEDORA39.pol
-+++ fedora-crypto-policies-20230420.3d08ae7/policies/TEST-FEDORA39.pol
+--- fedora-crypto-policies-20230614.5f3458e.orig/policies/TEST-FEDORA39.pol
++++ fedora-crypto-policies-20230614.5f3458e/policies/TEST-FEDORA39.pol
@@ -67,7 +67,3 @@ sha1_in_certs = 0
arbitrary_dh_groups = 1
ssh_certs = 1
@@ -270,3 +256,45 @@ Index: fedora-crypto-policies-20230420.3d08ae7/policies/TEST-FEDORA39.pol
-# https://fedoraproject.org/wiki/Changes/StrongCryptoSettings3Forewarning1
-# SHA-1 signatures will blocked in OpenSSL
-__openssl_block_sha1_signatures = 1
+Index: fedora-crypto-policies-20230614.5f3458e/tests/outputs/FEDORA38-opensslcnf.txt
+===================================================================
+--- fedora-crypto-policies-20230614.5f3458e.orig/tests/outputs/FEDORA38-opensslcnf.txt
++++ fedora-crypto-policies-20230614.5f3458e/tests/outputs/FEDORA38-opensslcnf.txt
+@@ -6,9 +6,3 @@ DTLS.MinProtocol = DTLSv1.2
+ DTLS.MaxProtocol = DTLSv1.2
+ SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
+ Groups = X25519:secp256r1:X448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
+-
+-[openssl_init]
+-alg_section = evp_properties
+-
+-[evp_properties]
+-rh-allow-sha1-signatures = yes
+Index: fedora-crypto-policies-20230614.5f3458e/tests/outputs/TEST-FEDORA39-opensslcnf.txt
+===================================================================
+--- fedora-crypto-policies-20230614.5f3458e.orig/tests/outputs/TEST-FEDORA39-opensslcnf.txt
++++ fedora-crypto-policies-20230614.5f3458e/tests/outputs/TEST-FEDORA39-opensslcnf.txt
+@@ -6,9 +6,3 @@ DTLS.MinProtocol = DTLSv1.2
+ DTLS.MaxProtocol = DTLSv1.2
+ SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
+ Groups = X25519:secp256r1:X448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
+-
+-[openssl_init]
+-alg_section = evp_properties
+-
+-[evp_properties]
+-rh-allow-sha1-signatures = no
+Index: fedora-crypto-policies-20230614.5f3458e/tests/outputs/FIPS:OSPP-opensslcnf.txt
+===================================================================
+--- fedora-crypto-policies-20230614.5f3458e.orig/tests/outputs/FIPS:OSPP-opensslcnf.txt
++++ fedora-crypto-policies-20230614.5f3458e/tests/outputs/FIPS:OSPP-opensslcnf.txt
+@@ -6,9 +6,3 @@ DTLS.MinProtocol = DTLSv1.2
+ DTLS.MaxProtocol = DTLSv1.2
+ SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512
+ Groups = secp256r1:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
+-
+-[openssl_init]
+-alg_section = evp_properties
+-
+-[evp_properties]
+-rh-allow-sha1-signatures = yes
diff --git a/crypto-policies-supported.patch b/crypto-policies-supported.patch
index 1867856..1ce9e4c 100644
--- a/crypto-policies-supported.patch
+++ b/crypto-policies-supported.patch
@@ -16,7 +16,7 @@ Index: fedora-crypto-policies-20230420.3d08ae7/update-crypto-policies.8.txt
+* NSS library (NSS, SSL, TLS) (Not supported)
-* OpenJDK (java-tls, SSL, TLS)
-+* OpenJDK (java-tls, SSL, TLS) (Supported only for java-1_8_0-openjdk and java-11-openjdk)
++* OpenJDK (java-tls, SSL, TLS) (Supported)
-* Libkrb5 (krb5, kerberos)
+* Libkrb5 (krb5, kerberos) (Not supported)
diff --git a/crypto-policies.7.gz b/crypto-policies.7.gz
index e0e574c..81e15c2 100644
--- a/crypto-policies.7.gz
+++ b/crypto-policies.7.gz
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:08e4778d0c659ec3d5f408ba889634255f462b5fe6ee0d22194347103da69a7e
-size 6896
+oid sha256:5eceb5b5a5360d08e1f85163bea95bdb84c748e1e3836765b400773d42bba1c9
+size 6937
diff --git a/crypto-policies.changes b/crypto-policies.changes
index 7ab3fd3..451d982 100644
--- a/crypto-policies.changes
+++ b/crypto-policies.changes
@@ -4,6 +4,15 @@ Fri Jul 14 14:59:06 UTC 2023 - Marcus Meissner
- BSI.pol: Added a new BSI policy for BSI TR 02102* (jsc#PED-4933)
derived from NEXT.pol
+-------------------------------------------------------------------
+Thu Jul 13 06:36:20 UTC 2023 - Pedro Monreal
+
+- Update to version 20230614.5f3458e:
+ * policies: impose old OpenSSL groups order for all back-ends
+ * Rebase patches:
+ - crypto-policies-revert-rh-allow-sha1-signatures.patch
+ - crypto-policies-supported.patch
+
-------------------------------------------------------------------
Thu May 25 11:28:12 UTC 2023 - Pedro Monreal
diff --git a/crypto-policies.spec b/crypto-policies.spec
index e8a8d2e..684d8fa 100644
--- a/crypto-policies.spec
+++ b/crypto-policies.spec
@@ -22,7 +22,7 @@
%bcond_with manbuild
%global _python_bytecompile_extra 0
Name: crypto-policies
-Version: 20230420.3d08ae7
+Version: 20230614.5f3458e
Release: 0
Summary: System-wide crypto policies
License: LGPL-2.1-or-later
@@ -60,7 +60,7 @@ BuildRequires: python3-base >= 3.6
BuildRequires: asciidoc
%endif
%if %{with testsuite}
-# The following buildrequires are needed for the testsuite
+# The following packages are needed for the testsuite
BuildRequires: bind
BuildRequires: gnutls >= 3.6.0
BuildRequires: java-devel
@@ -94,6 +94,7 @@ such as SSL/TLS libraries.
%package scripts
Summary: Tool to switch between crypto policies
Requires: %{name} = %{version}-%{release}
+Recommends: grubby
%description scripts
This package provides a tool update-crypto-policies, which applies
@@ -101,6 +102,9 @@ the policies provided by the crypto-policies package. These can be
either the pre-built policies from the base package or custom policies
defined in simple policy definition files.
+The package also provides a tool fips-mode-setup, which can be used
+to enable or disable the system FIPS mode.
+
%prep
%autosetup -p1 -n fedora-%{name}-%{version}
@@ -113,6 +117,9 @@ find -name sequoia.py -delete
%build
export OPENSSL_CONF=''
+sed -i "s/MIN_RSA_DEFAULT = .*/MIN_RSA_DEFAULT = 'RequiredRSASize'/" \
+ python/policygenerators/openssh.py
+grep "MIN_RSA_DEFAULT = 'RequiredRSASize'" python/policygenerators/openssh.py
%make_build
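Review bot: The `sed` that rewrites `MIN_RSA_DEFAULT` in `python/policygenerators/openssh.py` carries no comment saying why the generator is edited at build time rather than through a patch file, nor which OpenSSH keyword is being replaced and why `RequiredRSASize` is the right one here (presumably the openssh shipped on SUSE understands upstream's `RequiredRSASize` rather than a downstream keyword; that cannot be confirmed from this diff). The `grep` on the next line is a good build-time guard, since a non-matching sed would otherwise leave the directive unchanged and the build would pass silently, but its purpose is not obvious either. Suggest `# SUSE openssh only knows upstream's RequiredRSASize; the grep fails the build if the pattern ever stops matching` above the sed, and anchoring the expression as `s/^MIN_RSA_DEFAULT = .*/MIN_RSA_DEFAULT = 'RequiredRSASize'/` so a commented or indented mention of the name elsewhere in the file is not rewritten as well.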
%install
@@ -174,7 +181,7 @@ install -p -m 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/crypto-policies
%check
%if %{with testsuite}
export OPENSSL_CONF=''
-%make_build test || :
+%make_build test test-install test-fips-setup || :
%endif
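Review bot: The newly added `test-install` and `test-fips-setup` targets inherit the `|| :` on the same line, so a failure in any of the three targets cannot fail the build; if, as in upstream's Makefile, `test` compares generated output against `tests/outputs`, a mismatch in the OpenSSL `Groups` order that this update also adjusts in the revert patch would go unnoticed. If the new targets are expected to need privileges or a host state the build environment lacks, a comment recording that (`# test-install/test-fips-setup are advisory: they need ... in the build root`) would explain the discard; otherwise dropping `|| :`, or keeping it only on the targets that genuinely cannot run, would make %check a real gate for the crypto policy outputs.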
%post -p
diff --git a/fedora-crypto-policies-20230420.3d08ae7.tar.gz b/fedora-crypto-policies-20230420.3d08ae7.tar.gz
deleted file mode 100644
index e3a354d..0000000
--- a/fedora-crypto-policies-20230420.3d08ae7.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0554a9e3965970a2233dee8770fe414527e073b80106db89a1170fa845c3903b
-size 85811
diff --git a/fedora-crypto-policies-20230614.5f3458e.tar.gz b/fedora-crypto-policies-20230614.5f3458e.tar.gz
new file mode 100644
index 0000000..1f5117b
--- /dev/null
+++ b/fedora-crypto-policies-20230614.5f3458e.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:40cb4cf8f865336b269fdad5d3f5ab81c8dd8c823cb2b2282f6a96252a529dae
+size 85187
diff --git a/fips-finish-install.8.gz b/fips-finish-install.8.gz
index c08c63d..7459f19 100644
--- a/fips-finish-install.8.gz
+++ b/fips-finish-install.8.gz
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:c127272faa0580e5969d1a1b33ea4a8811a60da45d23fe50a782eaaf8c0c9075
-size 824
+oid sha256:b0c4844eb573ddb5517d78c0e2e663066413ef3807dfa63df5ee43c0fefe1582
+size 825
diff --git a/fips-mode-setup.8.gz b/fips-mode-setup.8.gz
index 1847553..cc679da 100644
--- a/fips-mode-setup.8.gz
+++ b/fips-mode-setup.8.gz
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:7a427092b98f11bf8bb0606afd71dbe1d153362f9c3a15ed53e479436f45e43b
-size 1541
+oid sha256:af453be70b0971f4e4139eec3b669bee3b5195df2d7c28853d3fd4c4006cbb1b
+size 1542
diff --git a/update-crypto-policies.8.gz b/update-crypto-policies.8.gz
index 7a759dc..5dd3484 100644
--- a/update-crypto-policies.8.gz
+++ b/update-crypto-policies.8.gz
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:3530ed7a871a3b9c72ea761ff45f9a80ab2720f76bb223e58debad848b8aa7a1
-size 4178
+oid sha256:cad2a9da340059b6ba7b84c9646a85f113cb8781d55c0ea5c8aa0422ea632c3c
+size 4154