diff --git a/openssl-0.9.8a-reuse-cipher-change.patch b/openssl-0.9.8a-reuse-cipher-change.patch
new file mode 100644
index 0000000..666688b
--- /dev/null
+++ b/openssl-0.9.8a-reuse-cipher-change.patch
@@ -0,0 +1,20 @@
+--- openssl-0.9.8a/ssl/ssl.h.cipher-change	2005-11-22 16:36:22.000000000 +0100
++++ openssl-0.9.8a/ssl/ssl.h	2005-12-15 11:28:05.000000000 +0100
+@@ -477,7 +477,7 @@
+ 
+ #define SSL_OP_MICROSOFT_SESS_ID_BUG			0x00000001L
+ #define SSL_OP_NETSCAPE_CHALLENGE_BUG			0x00000002L
+-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L
++#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L /* can break some security expectations */
+ #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG		0x00000010L
+ #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER		0x00000020L
+ #define SSL_OP_MSIE_SSLV2_RSA_PADDING			0x00000040L /* no effect since 0.9.7h and 0.9.8b */
+@@ -494,7 +494,7 @@
+ 
+ /* SSL_OP_ALL: various bug workarounds that should be rather harmless.
+  *             This used to be 0x000FFFFFL before 0.9.7. */
+-#define SSL_OP_ALL					0x00000FFFL
++#define SSL_OP_ALL					0x00000FF7L /* without SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG */
+ 
+ /* DTLS options */
+ #define SSL_OP_NO_QUERY_MTU                 0x00001000L
diff --git a/openssl.spec b/openssl.spec
index db7c7ed..dea1e26 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -23,7 +23,7 @@
 Summary: The OpenSSL toolkit.
 Name: openssl
 Version: 0.9.8a
-Release: 4.1
+Release: 5
 Source: openssl-%{version}-usa.tar.bz2
 Source1: hobble-openssl
 Source2: Makefile.certificate
@@ -55,6 +55,7 @@ Patch34: openssl-0.9.6-x509.patch
 Patch35: openssl-0.9.7-beta5-version-add-engines.patch
 Patch36: openssl-0.9.8a-use-poll.patch
 Patch37: openssl-0.9.8a-no-builtin-comp.patch
+Patch38: openssl-0.9.8a-reuse-cipher-change.patch
 # Backported fixes including security fixes
 
 License: BSDish
@@ -119,6 +120,7 @@ popd
 %patch35 -p1 -b .version-add-engines
 %patch36 -p1 -b .use-poll
 %patch37 -p1 -b .no-builtin-comp
+%patch38 -p1 -b .cipher-change
 
 # Modify the various perl scripts to reference perl in the right location.
 perl util/perlpath.pl `dirname %{__perl}`
@@ -380,6 +382,10 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libssl.so.%{soversion}
 %postun -p /sbin/ldconfig
 
 %changelog
+* Thu Dec 15 2005 Tomas Mraz <tmraz@redhat.com> 0.9.8a-5
+- don't include SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
+  in SSL_OP_ALL (#175779)
+
 * Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
 - rebuilt