diff --git a/0001-appliance-Copy-in-etc-crypto-policies-back-ends-file.patch b/0001-appliance-Copy-in-etc-crypto-policies-back-ends-file.patch
new file mode 100644
index 0000000..3bbf62b
--- /dev/null
+++ b/0001-appliance-Copy-in-etc-crypto-policies-back-ends-file.patch
@@ -0,0 +1,43 @@
+From d6ba398825bfdd67daf57bac0a4d8bcb281a62a8 Mon Sep 17 00:00:00 2001
+From: "Richard W.M. Jones" <rjones@redhat.com>
+Date: Tue, 11 Oct 2022 21:48:30 +0100
+Subject: [PATCH] appliance: Copy in /etc/crypto-policies/back-ends/ files
+
+Downstream patched openssl in Fedora 37+ broke unless
+/etc/crypto-policies/back-ends/opensslcnf.conf is present.  Files in
+this directory are generated by %post rules that use scripting
+languages so cannot easily be created by supermin.
+
+Force a copy of the host files into the appliance.  This is not ideal
+and is hopefully a temporary fix until Fedora's openssl is fixed.
+
+A symptom of this problem is the error:
+
+  Requested hash sha256 is not supported.
+  Failed to set pbkdf parameters.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2133884
+---
+ appliance/hostfiles.in | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/appliance/hostfiles.in b/appliance/hostfiles.in
+index e78c79bd34..2c42a858e8 100644
+--- a/appliance/hostfiles.in
++++ b/appliance/hostfiles.in
+@@ -14,6 +14,12 @@ dnl   FRUGALWARE=1   For Frugalware.
+ dnl   MAGEIA=1       For Mageia.
+ dnl   OPENMANDRIVA=1 For OpenMandriva.
+ 
++# Work around broken openssl in Fedora 37+ by forcibly copying in
++# these host configuration files (RHBZ#2133884).
++ifelse(REDHAT,1,
++/etc/crypto-policies/back-ends/*.config
++)
++
+ /etc/ld.so.cache
+ /lib/lsb/*
+ /usr/share/augeas/lenses/*.aug
+-- 
+2.37.0.rc2
+
diff --git a/libguestfs.spec b/libguestfs.spec
index 07971cb..99dc0eb 100644
--- a/libguestfs.spec
+++ b/libguestfs.spec
@@ -48,7 +48,7 @@ Summary:       Access and modify virtual machine disk images
 Name:          libguestfs
 Epoch:         1
 Version:       1.49.5
-Release:       1%{?dist}
+Release:       2%{?dist}
 License:       LGPLv2+
 
 # Build only for architectures that have a kernel
@@ -82,6 +82,10 @@ Source7:       libguestfs.keyring
 # Maintainer script which helps with handling patches.
 Source8:       copy-patches.sh
 
+# Workaround for openssl bug RHBZ#2133884
+# Upstream in libguestfs
+Patch:         0001-appliance-Copy-in-etc-crypto-policies-back-ends-file.patch
+
 %if 0%{patches_touch_autotools}
 BuildRequires: autoconf, automake, libtool, gettext-devel
 %endif
@@ -1123,7 +1127,7 @@ rm ocaml/html/.gitignore
 
 
 %changelog
-* Tue Oct 11 2022 Richard W.M. Jones <rjones@redhat.com> - 1:1.49.5-1
+* Tue Oct 11 2022 Richard W.M. Jones <rjones@redhat.com> - 1:1.49.5-2
 - New upstream development version 1.49.5
 
 * Wed Oct 05 2022 Remi Collet <remi@remirepo.net> - 1:1.49.4-2