diff --git a/.gitignore b/.gitignore
index 311d993..1102572 100644
--- a/.gitignore
+++ b/.gitignore
@@ -40,3 +40,4 @@
 /libreswan-4.2.tar.gz
 /libreswan-4.4.tar.gz
 /libreswan-4.5.tar.gz
+/libreswan-4.6.tar.gz
diff --git a/libreswan-4.6-openssl3.patch b/libreswan-4.6-openssl3.patch
new file mode 100644
index 0000000..a5e0f9d
--- /dev/null
+++ b/libreswan-4.6-openssl3.patch
@@ -0,0 +1,52 @@
+From 0212bc6a7c0ac3aa5d8da82bf22132993d339ffc Mon Sep 17 00:00:00 2001
+From: Paul Wouters <paul.wouters@aiven.io>
+Date: Thu, 13 Jan 2022 15:31:50 -0500
+Subject: [PATCH] building: fix fedora rawhide build
+
+Avoid clashing openssl/nss headers
+
+Patch based on work by Daiki Ueno <dueno@redhat.com>
+
+Resolves: https://github.com/libreswan/libreswan/pull/611
+---
+ programs/pluto/ikev2_ipseckey.h      | 4 ++--
+ programs/pluto/ikev2_ipseckey_dnsr.c | 4 +++-
+ 2 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/programs/pluto/ikev2_ipseckey.h b/programs/pluto/ikev2_ipseckey.h
+index 243e5b1776..5ef3f966ec 100644
+--- a/programs/pluto/ikev2_ipseckey.h
++++ b/programs/pluto/ikev2_ipseckey.h
+@@ -1,5 +1,3 @@
+-#include "state.h"
+-
+ #ifndef _IKEV2_IPSECKEY_H
+ #define _IKEV2_IPSECKEY_H
+ 
+@@ -11,6 +9,8 @@
+ 
+ #define IS_LIBUNBOUND LSW_LIBUNBOUND_ENABLED
+ 
++struct ike_sa;
++
+ typedef enum {
+ 	DNS_OK = STF_OK,
+ 	DNS_FATAL = STF_FATAL,
+diff --git a/programs/pluto/ikev2_ipseckey_dnsr.c b/programs/pluto/ikev2_ipseckey_dnsr.c
+index b07ed72f2b..09767bf65d 100644
+--- a/programs/pluto/ikev2_ipseckey_dnsr.c
++++ b/programs/pluto/ikev2_ipseckey_dnsr.c
+@@ -32,7 +32,9 @@
+ #include "dnssec.h"    /* includes unbound.h */
+ #include "ikev2_ipseckey.h" /* for dns_status */
+ #include "ikev2_ipseckey_dnsr.h"
+-#include "secrets.h"
++
++/* Do not include secrets.h as it will cause conflicts via NSS/OPENSSL headers */
++extern const struct pubkey_type pubkey_type_rsa;
+ 
+ struct p_dns_req *pluto_dns_list = NULL; /* DNS queries linked list */
+ 
+-- 
+2.31.1
+
diff --git a/libreswan.spec b/libreswan.spec
index a0b176c..c61a2d7 100644
--- a/libreswan.spec
+++ b/libreswan.spec
@@ -30,7 +30,7 @@
 Name: libreswan
 Summary: Internet Key Exchange (IKEv1 and IKEv2) implementation for IPsec
 # version is generated in the release script
-Version: 4.5
+Version: 4.6
 Release: %{?prever:0.}1%{?prever:.%{prever}}%{?dist}
 License: GPLv2
 Url: https://libreswan.org/
@@ -40,7 +40,7 @@ Source1: https://download.libreswan.org/cavs/ikev1_dsa.fax.bz2
 Source2: https://download.libreswan.org/cavs/ikev1_psk.fax.bz2
 Source3: https://download.libreswan.org/cavs/ikev2.fax.bz2
 %endif
-Patch0: libreswan-4.5-openssl3.patch
+Patch0: libreswan-4.6-openssl3.patch
 
 BuildRequires: audit-libs-devel
 BuildRequires: bison
@@ -196,6 +196,9 @@ certutil -N -d sql:$tmpdir --empty-password
 %doc %{_mandir}/*/*
 
 %changelog
+* Mon Jan 17 2022 Daiki Ueno <dueno@redhat.com> - 4.6-1
+- Update to 4.6. Resolves: rhbz#2017355
+
 * Mon Jan 10 2022 Daiki Ueno <dueno@redhat.com> - 4.5-1
 - Update to 4.5. Resolves: rhbz#2017355
 
diff --git a/sources b/sources
index 0b9d120..48e985e 100644
--- a/sources
+++ b/sources
@@ -1,4 +1,4 @@
 SHA512 (ikev1_dsa.fax.bz2) = 627cbac14248bd68e8d22fbca247668a7749ef0c2e41df8d776d62df9a21403d3a246c0bd82c3faedce62de90b9f91a87f753e17b056319000bba7d2038461ac
 SHA512 (ikev1_psk.fax.bz2) = 1b2daec32edc56b410c036db2688c92548a9bd9914994bc7e555b301dd6db4497a6b3e89dc12ddf36826ae90b40fcde501a5a45c0d59098e07839073d219d467
 SHA512 (ikev2.fax.bz2) = 0d3748d1bd574f6f1f3e4db847eca126ce649566ea710ef227426f433122752b80d1d6b8acf9d0df07b5597c1e45447e3a2fcb3391756e834e8e75f99df8e51e
-SHA512 (libreswan-4.5.tar.gz) = 451a4f71099aa4776624a4c127fdaff492acc38a44228255dcbf955efa0982fd963c989d63522f56279eec6a9ef738febb573dde34aa541724ab11e37a554f9e
+SHA512 (libreswan-4.6.tar.gz) = c1c3efd7665dee6caaf08cb5aa50fcd37c299acad4b62648284fdb04edd50ba8fc8d33a9fb210edaf2312697f8cd251f33a6b16587eb2cfefd1269b4482dd499