diff --git a/0045-FIPS-services-minimize.patch b/0045-FIPS-services-minimize.patch
index 7fd3d8d..abb13e0 100644
--- a/0045-FIPS-services-minimize.patch
+++ b/0045-FIPS-services-minimize.patch
@@ -689,7 +689,7 @@ diff -up openssl-3.0.1/ssl/ssl_ciph.c.nokrsa openssl-3.0.1/ssl/ssl_ciph.c
 ctx->disabled_auth_mask = 0;
 + if (EVP_default_properties_is_fips_enabled(ctx->libctx))
-+ ctx->disabled_mkey_mask |= SSL_kRSA;
++ ctx->disabled_mkey_mask |= SSL_kRSA | SSL_kRSAPSK;
 +
 /*
 * We ignore any errors from the fetches below. They are expected to fail
diff --git a/openssl.spec b/openssl.spec
index 2109d0f..cd20450 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.0.1
-Release: 35%{?dist}
+Release: 36%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -458,6 +458,10 @@ install -m644 %{SOURCE9} \
 %ldconfig_scriptlets libs
 %changelog
+* Thu Jun 16 2022 Dmitry Belyavskiy - 1:3.0.1-36
+- Ciphersuites with RSAPSK KX should be filterd in FIPS mode
+- Related: rhbz#2085088
+
 * Wed Jun 08 2022 Clemens Lang - 1:3.0.1-35
 - Add explicit indicators for signatures in FIPS mode and mark signature primitives as unapproved.
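Review bot: The FIPS branch in the ssl_ciph.c hunk that now ORs `SSL_kRSA | SSL_kRSAPSK` into `ctx->disabled_mkey_mask` has no comment explaining why exactly these two key exchanges are masked, so a later reader cannot tell whether other PSK variants were left enabled on purpose. I would add above the `if` something like `/* FIPS: filter key exchanges that rely on RSA key transport, i.e. plain RSA and RSA-PSK */`; the rationale is presumably that RSA key transport is not approved, which should be confirmed against the referenced bug before it is stated as fact. The check appears to be evaluated once, at the point where the masks are initialised, so a context whose library context only gets FIPS default properties afterwards would presumably keep these suites enabled; it is worth confirming that this ordering is unsupported, or documenting it. The enclosing function starts and ends outside the hunk. A regression test asserting that no RSA-PSK suite appears in the resulting cipher list when FIPS properties are enabled would keep the mask from silently regressing on the next rebase of this downstream patch.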