diff --git a/.crypto-policies.metadata b/.crypto-policies.metadata
index ae21469..5cfae73 100644
--- a/.crypto-policies.metadata
+++ b/.crypto-policies.metadata
@@ -1 +1 @@
-ebca51d3017ee207680f9ae109e49ed78e8f479b SOURCES/crypto-policies-git94f0e2c.tar.gz
+7b2c7705996b7c988b1fa4852da8e14656326979 SOURCES/crypto-policies-gitb972148.tar.gz
diff --git a/.gitignore b/.gitignore
index e8cc4c7..bbf16f4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/crypto-policies-git94f0e2c.tar.gz
+SOURCES/crypto-policies-gitb972148.tar.gz
diff --git a/SPECS/crypto-policies.spec b/SPECS/crypto-policies.spec
index 749375c..af1fcea 100644
--- a/SPECS/crypto-policies.spec
+++ b/SPECS/crypto-policies.spec
@@ -1,5 +1,4 @@
-%global git_date 20230731
-%global git_commit 94f0e2c4f7ebf2b1513b405d11227bae79ffe070
+%global git_commit b972148fd57556f86921a85c960b8808a8a09291
 %{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})}
 
 %global _python_bytecompile_extra 0
@@ -27,13 +26,13 @@
 %endif
 
 Name:           crypto-policies
-Version:        %{git_date}
-Release:        1.git%{git_commit_hash}%{?dist}
+Version:        20230731
+Release:        1.git94f0e2c%{?dist}.1
 Summary:        System-wide crypto policies
 
 License:        LGPLv2+
 URL:            https://gitlab.com/redhat-crypto/fedora-crypto-policies
-# For RHEL-9 we use the upstream branch rhel9.
+# For RHEL-9.3 we use the upstream branch rhel9.3 and are freezing version at 20230731-1.git94f0e2c.
 Source0:        https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/archive/%{git_commit_hash}/%{name}-git%{git_commit_hash}.tar.gz
 
 BuildArch: noarch
@@ -42,7 +41,7 @@ BuildRequires: libxslt
 BuildRequires: openssl
 BuildRequires: nss-tools
 BuildRequires: gnutls-utils >= 3.6.0
-BuildRequires: java-1.8.0-openjdk-devel
+BuildRequires: java-devel
 BuildRequires: bind
 BuildRequires: perl-interpreter
 BuildRequires: perl-generators
@@ -238,6 +237,9 @@ end
 %{_mandir}/man8/fips-finish-install.8*
 
 %changelog
+* Wed Sep 20 2023 Alexander Sosedkin <asosedkin@redhat.com> - 20230731-1.git94f0e2c.1
+- OSPP subpolicy: tighten beyond reason for OSPP 4.3
+
 * Mon Jul 31 2023 Alexander Sosedkin <asosedkin@redhat.com> - 20230731-1.git94f0e2c
 - krb5: sort enctypes mac-first, cipher-second, prioritize SHA-2 ones
 - FIPS: enforce EMS in FIPS mode