diff --git a/openssh-9.6p1-CVE-2023-48795.patch b/openssh-9.6p1-CVE-2023-48795.patch
index 3000eab..16ff4c4 100644
--- a/openssh-9.6p1-CVE-2023-48795.patch
+++ b/openssh-9.6p1-CVE-2023-48795.patch
@@ -428,6 +428,15 @@ diff -up openssh-8.7p1/sshd.c.kexstrict openssh-8.7p1/sshd.c
 myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(
 options.ciphers);
 myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(
+@@ -2586,7 +2586,7 @@ do_ssh2_kex(struct ssh *ssh)
+ if (gss && orig)
+ xasprintf(&newstr, "%s,%s", gss, orig);
+ else if (gss)
+- newstr = gss;
++ xasprintf(&newstr, "%s,%s", gss, "kex-strict-s-v00@openssh.com");
+ else if (orig)
+ newstr = orig;
+
 @@ -2650,6 +2654,7 @@ do_ssh2_kex(struct ssh *ssh)
 packet_send();
 packet_write_wait();
diff --git a/openssh.spec b/openssh.spec
index 3deccc1..70874e5 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -66,7 +66,7 @@
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 8.0p1
-%global openssh_rel 22
+%global openssh_rel 23
 %global pam_ssh_agent_ver 0.10.3
 %global pam_ssh_agent_rel 7
@@ -821,6 +821,10 @@ getent passwd sshd >/dev/null || \
 %endif
 %changelog
+* Fri Jan 05 2024 Dmitry Belyavskiy - 8.0p1-23
+- Fix Terrapin attack
+ Resolves: RHEL-19308
+
 * Thu Dec 21 2023 Dmitry Belyavskiy - 8.0p1-22
 - Fix Terrapin attack
 Resolves: RHEL-19308
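Review bot: The `do_ssh2_kex` hunk added to the patch hard-codes `"kex-strict-s-v00@openssh.com"` in the `else if (gss)` branch without saying why only that branch needs it. The `gss && orig` and `orig` branches appear to rely on `orig` already carrying the strict-KEX marker, which this hunk does not show and is worth confirming, because a server proposal that omits the marker never gets strict key exchange negotiated. I would add a comment above the changed line, `/* GSS-only proposal: orig is unset, so the strict-KEX marker must be appended here */`, and reuse the patch's own constant for the marker string if it defines one. The branch also used to hand `gss` to `newstr` and now copies it, as the `gss && orig` branch does; whether `gss` is released later is outside the hunk, so check that this does not add a small leak.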