diff --git a/SOURCES/0001-Added-GOST-10.0-policy-also-added-experimental-PAM-g.patch b/SOURCES/0001-Added-GOST-10.0-policy-also-added-experimental-PAM-g.patch
index 3445afe..0796336 100644
--- a/SOURCES/0001-Added-GOST-10.0-policy-also-added-experimental-PAM-g.patch
+++ b/SOURCES/0001-Added-GOST-10.0-policy-also-added-experimental-PAM-g.patch
@@ -1,4 +1,4 @@
-From 89ce7a9f1773a4629cda8d1343989e68b159f8dd Mon Sep 17 00:00:00 2001
+From 16aeae867ff90b540ac3613fcb742db8dc0a5361 Mon Sep 17 00:00:00 2001
 From: tigro
 Date: Wed, 8 Jan 2025 22:11:14 +0300
 Subject: [PATCH] Added GOST 10.0 policy also added experimental PAM generator
@@ -118,9 +118,9 @@ Subject: [PATCH] Added GOST 10.0 policy also added experimental PAM generator
 tests/outputs/GOST-ONLY-PAM-java.txt | 4 +
 tests/outputs/GOST-ONLY-PAM-javasystem.txt | 2 +
 tests/outputs/GOST-ONLY-PAM-krb5.txt | 2 +
- tests/outputs/GOST-ONLY-PAM-libreswan.txt | 2 +
+ tests/outputs/GOST-ONLY-PAM-libreswan.txt | 1 +
 tests/outputs/GOST-ONLY-PAM-libssh.txt | 0
- tests/outputs/GOST-ONLY-PAM-nss.txt | 6 +
+ tests/outputs/GOST-ONLY-PAM-nss.txt | 8 +
 tests/outputs/GOST-ONLY-PAM-openssh.txt | 2 +
 tests/outputs/GOST-ONLY-PAM-opensshserver.txt | 2 +
 tests/outputs/GOST-ONLY-PAM-openssl.txt | 1 +
@@ -132,9 +132,9 @@ Subject: [PATCH] Added GOST 10.0 policy also added experimental PAM generator
 tests/outputs/GOST-ONLY-java.txt | 4 +
 tests/outputs/GOST-ONLY-javasystem.txt | 2 +
 tests/outputs/GOST-ONLY-krb5.txt | 2 +
- tests/outputs/GOST-ONLY-libreswan.txt | 2 +
+ tests/outputs/GOST-ONLY-libreswan.txt | 1 +
 tests/outputs/GOST-ONLY-libssh.txt | 0
- tests/outputs/GOST-ONLY-nss.txt | 6 +
+ tests/outputs/GOST-ONLY-nss.txt | 8 +
 tests/outputs/GOST-ONLY-openssh.txt | 2 +
 tests/outputs/GOST-ONLY-opensshserver.txt | 2 +
 tests/outputs/GOST-ONLY-openssl.txt | 1 +
@@ -145,7 +145,7 @@ Subject: [PATCH] Added GOST 10.0 policy also added experimental PAM generator
 tests/outputs/LEGACY-auth.txt | 0
 .../outputs/LEGACY:AD-SUPPORT-LEGACY-auth.txt | 0
 tests/unit/test_cryptopolicy.py | 87 --------
- 141 files changed, 2010 insertions(+), 104 deletions(-)
+ 141 files changed, 2012 insertions(+), 104 deletions(-)
 create mode 100644 authselect_policies/minimal_gost/README
 create mode 100644 authselect_policies/minimal_gost/REQUIREMENTS
 create mode 100644 authselect_policies/minimal_gost/dconf-db
@@ -1081,7 +1081,7 @@ index 0000000..f28939e
 +
 +authopt@AUTH = custom/sssd_gost with-gost with-fingerprint with-silent-lastlog
 diff --git a/python/build-crypto-policies.py b/python/build-crypto-policies.py
-index 2639624..677b60d 100755
+index 2639624..fd203c3 100755
 --- a/python/build-crypto-policies.py
 +++ b/python/build-crypto-policies.py
 @@ -9,6 +9,7 @@ import argparse
@@ -1109,7 +1109,7 @@ index 2639624..677b60d 100755
 config = gen.generate_config(ucp)
 - if policy_name == 'EMPTY' or gen.test_config(config):
-+ if policy_name in ('EMPTY', 'GOST-ONLY', 'GOST-ONLY-PAM') or gen.test_config(config):
++ if policy_name in ('EMPTY', 'GOST-ONLY', 'GOST-ONLY-PAM', 'DEFAULT:PAM-GOST', 'DEFAULT:PATCH-PAM-GOST', 'DEFAULT:SSSD-PAM-GOST') or gen.test_config(config):
 try:
 name = ':'.join([policy_name, *subpolicy_names])
 if not save_config(cmdline, name, gen.CONFIG_NAME, config):
@@ -2894,13 +2894,13 @@ index 0000000..59c9ae0
 +SYSTEM=NONE
 diff --git a/tests/outputs/GOST-ONLY-PAM-java.txt b/tests/outputs/GOST-ONLY-PAM-java.txt
 new file mode 100644
-index 0000000..a306242
+index 0000000..1b79ef1
 --- /dev/null
 +++ b/tests/outputs/GOST-ONLY-PAM-java.txt
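Review bot: The three new exemptions `'DEFAULT:PAM-GOST'`, `'DEFAULT:PATCH-PAM-GOST'` and `'DEFAULT:SSSD-PAM-GOST'` in the `@@ -1109` hunk contain a colon, but the comparison is made against `policy_name` alone, while the colon-joined full name is only built two lines later as `name = ':'.join([policy_name, *subpolicy_names])`; unless `policy_name` can itself carry a subpolicy suffix, these entries never match and `gen.test_config` still runs for them. If the intent is to exempt those policy/subpolicy combinations, build the name first and compare that: `name = ':'.join([policy_name, *subpolicy_names])` followed by `if name in UNTESTED_POLICIES or gen.test_config(config):`, with `UNTESTED_POLICIES` a module-level tuple defined outside this hunk instead of a growing inline literal. Because every entry in that tuple bypasses `gen.test_config`, which is the only validation the generated back-end config receives before `save_config` writes it, a comment beside the tuple stating why each listed policy cannot be self-tested would record the trade-off for whoever next extends the list. The enclosing function starts and ends outside the hunk.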
@@ -0,0 +1,4 @@ +jdk.certpath.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withRSA, SHA224withDSA, SHA224withECDSA, SHA256withRSA, SHA256withDSA, SHA256withECDSA, SHA384withRSA, SHA384withDSA, SHA384withECDSA, SHA512withRSA, SHA512withDSA, SHA512withECDSA, Ed25519, Ed448, SHA1withRSAandMGF1, SHA224withRSAandMGF1, SHA256withRSAandMGF1, SHA384withRSAandMGF1, SHA512withRSAandMGF1, RSA keySize < 2048, DSA keySize < 2048, DH keySize < 2048, EC keySize < 256, SHA256, SHA384, SHA512, SHA3_256, SHA3_384, SHA3_512, SHA224, SHA1, MD5 +jdk.tls.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withRSA, SHA224withDSA, SHA224withECDSA, SHA256withRSA, SHA256withDSA, SHA256withECDSA, SHA384withRSA, SHA384withDSA, SHA384withECDSA, SHA512withRSA, SHA512withDSA, SHA512withECDSA, Ed25519, Ed448, SHA1withRSAandMGF1, SHA224withRSAandMGF1, SHA256withRSAandMGF1, SHA384withRSAandMGF1, SHA512withRSAandMGF1, RSA keySize < 2048, DSA keySize < 2048, DH keySize < 2048, EC keySize < 256, include jdk.disabled.namedCurves, SSLv3, SSLv2, DTLSv1.0, RSAPSK, ECDHE, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, DHE_RSA, DHE_DSS, RSA_EXPORT, DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT, DH_anon, ECDH_anon, DH_RSA, DH_DSS, ECDH, AES_256_GCM, AES_256_CCM, AES_128_GCM, AES_128_CCM, ChaCha20-Poly1305, AES_256_CBC, AES_128_CBC, 3DES_EDE_CBC, DES_CBC, RC4_40, RC4_128, DES40_CBC, RC2, anon, NULL, HmacSHA1, HmacSHA256, HmacSHA384, HmacSHA512, HmacMD5 -+jdk.disabled.namedCurves=x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, brainpoolP256r1, brainpoolP384r1, 
brainpoolP512r1, secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, c2tnb191v1, c2tnb191v2, c2tnb191v3, c2tnb239v1, c2tnb239v2, c2tnb239v3, c2tnb359v1, c2tnb431r1, prime192v2, prime192v3, prime239v1, prime239v2, prime239v3, brainpoolP320r1 ++jdk.disabled.namedCurves=x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP320r1 +jdk.tls.legacyAlgorithms= diff --git a/tests/outputs/GOST-ONLY-PAM-javasystem.txt b/tests/outputs/GOST-ONLY-PAM-javasystem.txt new file mode 100644 @@ -2920,27 +2920,28 @@ index 0000000..b0b1480 +permitted_enctypes = diff --git a/tests/outputs/GOST-ONLY-PAM-libreswan.txt b/tests/outputs/GOST-ONLY-PAM-libreswan.txt new file mode 100644 -index 0000000..7dc12cd +index 0000000..fa1831b --- /dev/null +++ b/tests/outputs/GOST-ONLY-PAM-libreswan.txt -@@ -0,0 +1,2 @@ +@@ -0,0 +1 @@ +conn %default -+ pfs=yes diff --git a/tests/outputs/GOST-ONLY-PAM-libssh.txt b/tests/outputs/GOST-ONLY-PAM-libssh.txt new file mode 100644 index 0000000..e69de29 
diff --git a/tests/outputs/GOST-ONLY-PAM-nss.txt b/tests/outputs/GOST-ONLY-PAM-nss.txt
 new file mode 100644
-index 0000000..bf6f1ca
+index 0000000..821d249
 --- /dev/null
 +++ b/tests/outputs/GOST-ONLY-PAM-nss.txt
-@@ -0,0 +1,6 @@
+@@ -0,0 +1,8 @@
++library=p11-kit-proxy.so
++name=p11-kit-proxy
++
++
 +library=
 +name=Policy
 +NSS=flags=policyOnly,moduleDB
 +config="disallow=ALL allow=tls-version-min=tls1.0:dtls-version-min=0:DH-MIN=2048:DSA-MIN=2048:RSA-MIN=2048"
-+
-+
 diff --git a/tests/outputs/GOST-ONLY-PAM-openssh.txt b/tests/outputs/GOST-ONLY-PAM-openssh.txt
 new file mode 100644
 index 0000000..89e06ad
@@ -3046,13 +3047,13 @@ index 0000000..59c9ae0
 +SYSTEM=NONE
 diff --git a/tests/outputs/GOST-ONLY-java.txt b/tests/outputs/GOST-ONLY-java.txt
 new file mode 100644
-index 0000000..a306242
+index 0000000..1b79ef1
 --- /dev/null
 +++ b/tests/outputs/GOST-ONLY-java.txt
@@ -0,0 +1,4 @@ +jdk.certpath.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withRSA, SHA224withDSA, SHA224withECDSA, SHA256withRSA, SHA256withDSA, SHA256withECDSA, SHA384withRSA, SHA384withDSA, SHA384withECDSA, SHA512withRSA, SHA512withDSA, SHA512withECDSA, Ed25519, Ed448, SHA1withRSAandMGF1, SHA224withRSAandMGF1, SHA256withRSAandMGF1, SHA384withRSAandMGF1, SHA512withRSAandMGF1, RSA keySize < 2048, DSA keySize < 2048, DH keySize < 2048, EC keySize < 256, SHA256, SHA384, SHA512, SHA3_256, SHA3_384, SHA3_512, SHA224, SHA1, MD5 +jdk.tls.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withRSA, SHA224withDSA, SHA224withECDSA, SHA256withRSA, SHA256withDSA, SHA256withECDSA, SHA384withRSA, SHA384withDSA, SHA384withECDSA, SHA512withRSA, SHA512withDSA, SHA512withECDSA, Ed25519, Ed448, SHA1withRSAandMGF1, SHA224withRSAandMGF1, SHA256withRSAandMGF1, SHA384withRSAandMGF1, SHA512withRSAandMGF1, RSA keySize < 2048, DSA keySize < 2048, DH keySize < 2048, EC keySize < 256, include jdk.disabled.namedCurves, SSLv3, SSLv2, DTLSv1.0, RSAPSK, ECDHE, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, DHE_RSA, DHE_DSS, RSA_EXPORT, DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT, DH_anon, ECDH_anon, DH_RSA, DH_DSS, ECDH, AES_256_GCM, AES_256_CCM, AES_128_GCM, AES_128_CCM, ChaCha20-Poly1305, AES_256_CBC, AES_128_CBC, 3DES_EDE_CBC, DES_CBC, RC4_40, RC4_128, DES40_CBC, RC2, anon, NULL, HmacSHA1, HmacSHA256, HmacSHA384, HmacSHA512, HmacMD5 -+jdk.disabled.namedCurves=x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, brainpoolP256r1, brainpoolP384r1, 
brainpoolP512r1, secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, c2tnb191v1, c2tnb191v2, c2tnb191v3, c2tnb239v1, c2tnb239v2, c2tnb239v3, c2tnb359v1, c2tnb431r1, prime192v2, prime192v3, prime239v1, prime239v2, prime239v3, brainpoolP320r1 ++jdk.disabled.namedCurves=x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP320r1 +jdk.tls.legacyAlgorithms= diff --git a/tests/outputs/GOST-ONLY-javasystem.txt b/tests/outputs/GOST-ONLY-javasystem.txt new file mode 100644 @@ -3072,27 +3073,28 @@ index 0000000..b0b1480 +permitted_enctypes = diff --git a/tests/outputs/GOST-ONLY-libreswan.txt b/tests/outputs/GOST-ONLY-libreswan.txt new file mode 100644 -index 0000000..7dc12cd +index 0000000..fa1831b --- /dev/null +++ b/tests/outputs/GOST-ONLY-libreswan.txt -@@ -0,0 +1,2 @@ +@@ -0,0 +1 @@ +conn %default -+ pfs=yes diff --git a/tests/outputs/GOST-ONLY-libssh.txt b/tests/outputs/GOST-ONLY-libssh.txt new file mode 100644 index 0000000..e69de29 
diff --git a/tests/outputs/GOST-ONLY-nss.txt b/tests/outputs/GOST-ONLY-nss.txt
 new file mode 100644
-index 0000000..bf6f1ca
+index 0000000..821d249
 --- /dev/null
 +++ b/tests/outputs/GOST-ONLY-nss.txt
-@@ -0,0 +1,6 @@
+@@ -0,0 +1,8 @@
++library=p11-kit-proxy.so
++name=p11-kit-proxy
++
++
 +library=
 +name=Policy
 +NSS=flags=policyOnly,moduleDB
 +config="disallow=ALL allow=tls-version-min=tls1.0:dtls-version-min=0:DH-MIN=2048:DSA-MIN=2048:RSA-MIN=2048"
-+
-+
 diff --git a/tests/outputs/GOST-ONLY-openssh.txt b/tests/outputs/GOST-ONLY-openssh.txt
 new file mode 100644
 index 0000000..89e06ad