diff --git a/aide-configure.patch b/aide-configure.patch
new file mode 100644
index 0000000..e9030eb
--- /dev/null
+++ b/aide-configure.patch
@@ -0,0 +1,51 @@
+diff --color -ru a/configure.ac b/configure.ac
+--- a/configure.ac 2021-05-20 09:31:11.686987129 +0200
++++ b/configure.ac 2021-05-20 09:39:43.369967457 +0200
+@@ -784,11 +784,11 @@
+ [if test "x$withval" = "xmd5" ;then
+ CONFIGHMACTYPE="MHASH_MD5"
+ else if test "x$withval" = "xsha1" ;then
+- CONFIGHMACTYPE="MHASH_SHA1"
++ CONFIGHMACTYPE="MHASH_SHA1"
+ else if test "x$withval" = "xsha256" ;then
+- CONFIGHMACTYPE="MHASH_SHA256"
++ CONFIGHMACTYPE="MHASH_SHA256"
+ else if test "x$withval" = "xsha512" ;then
+- CONFIGHMACTYPE="MHASH_SHA512"
++ CONFIGHMACTYPE="MHASH_SHA512"
+ else
+ echo "Valid parameters for --with-confighmactype are md5, sha1, sha256 and sha512"
+ exit 1
+@@ -799,7 +799,6 @@
+ AC_DEFINE_UNQUOTED(CONFIGHMACTYPE,$CONFIGHMACTYPE,[hash type for config file check])],
+ [
+ AC_DEFINE_UNQUOTED(CONFIGHMACTYPE,MHASH_MD5,[hash type for config file check])]
+-,
+ )
+
+ AC_ARG_WITH([confighmackey],
+@@ -846,18 +845,18 @@
+
+ AC_ARG_WITH([dbhmactype],
+ AC_HELP_STRING([--with-dbhmactype=TYPE],
+- [Hash type to use for checking db. Valid values are md5 and sha1.]),
++ [Hash type to use for checking db. Valid values are md5, sha1, sha256 and sha512.]),
+ [if test "x$withval" = "xmd5" ;then
+ DBHMACTYPE="MHASH_MD5"
+ else if test "x$withval" = "xsha1" ;then
+- DBHMACTYPE="MHASH_SHA1"
++ DBHMACTYPE="MHASH_SHA1"
+ else if test "x$withval" = "xsha256" ;then
+- CONFIGHMACTYPE="MHASH_SHA256"
++ DBHMACTYPE="MHASH_SHA256"
+ else if test "x$withval" = "xsha512" ;then
+- CONFIGHMACTYPE="MHASH_SHA512"
++ DBHMACTYPE="MHASH_SHA512"
+ else
+- echo "Valid parameters for --with-dbhmactype are md5, sha1, sha256 and sha512"
+- exit 1
++ echo "Valid parameters for --with-dbhmactype are md5, sha1, sha256 and sha512"
++ exit 1
+ fi
+ fi
+ fi
diff --git a/aide.spec b/aide.spec
index a975118..cfdbb65 100644
--- a/aide.spec
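Review bot: The fallback branch kept as context in the second inner hunk (around line 799 of configure.ac) still defines `CONFIGHMACTYPE` as `MHASH_MD5` when `--with-confighmactype` is not given, so the patched configure.ac keeps MD5 as its built-in default and only the spec flags move this package to SHA-512. If the intent is that MD5 and SHA-1 are never chosen by default, the same patch could change that line to `AC_DEFINE_UNQUOTED(CONFIGHMACTYPE,MHASH_SHA512,[hash type for config file check])]`. The matching default for `DBHMACTYPE` lies past the end of the third inner hunk, so it cannot be checked from here and would need the same look. The `--with-confighmactype` help string is also outside the visible hunks; it may still list only the old values, as the `--with-dbhmactype` one did before this fix.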
+++ b/aide.spec @@ -36,6 +36,7 @@ Patch4: aide-0.15-syslog-format.patch Patch5: aide-0.16-crypto-disable-haval-and-others.patch Patch6: coverity.patch Patch7: aide-0.16-crash-elf.patch +Patch8: aide-configure.patch %description AIDE (Advanced Intrusion Detection Environment) is a file integrity @@ -57,7 +58,9 @@ autoreconf -ivf --with-selinux \ --with-xattr \ --with-e2fsattrs \ - --with-audit + --with-audit \ + --with-confighmactype=sha512 \ + --with-dbhmactype=sha512 %make_build %install @@ -80,6 +83,11 @@ mkdir -p -m0700 %{buildroot}%{_localstatedir}/lib/aide %dir %attr(0700,root,root) %{_localstatedir}/log/aide %changelog +* Thu May 20 2021 Zoltan Fridrich - 0.16-19 +- fix configuration option with-dbhmactype +- do not use sha1 and md5 by default + Resolves: rhbz#1935457 + * Mon May 10 2021 Zoltan Fridrich - 0.16-19 - use gating and config file from rhel-8.5 - remove check of periodically changing files
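Review bot: Nothing in the configure-flags hunk records that `--with-confighmactype=sha512` and `--with-dbhmactype=sha512` are load-bearing, even though the patched configure.ac still falls back to `MHASH_MD5` for the config HMAC when the option is absent; dropping these lines in a later rebase would silently return to MD5. A comment above the configure invocation would capture that, for example `# HMAC types must be passed explicitly; configure.ac still defaults to MD5 (rhbz#1935457)`. The invocation starts outside the hunk, so it is not visible whether an HMAC key option such as `--with-confighmackey` is also passed. If one is, configs and databases signed with the previous HMAC type presumably stop verifying after the update and need re-signing, which would be worth a line in the changelog entry.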