diff --git a/openssl.spec b/openssl.spec
index 723ac94..8f009bc 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -10,12 +10,26 @@
 # also be handled in opensslconf-new.h.
 %define multilib_arches %{ix86} ia64 %{mips} ppc ppc64 s390 s390x sparcv9 sparc64 x86_64
 
+%define srpmhash() %{lua:
+local files = rpm.expand("%_specdir/openssl.spec")
+for i, p in ipairs(patches) do
+   files = files.." "..p
+end
+for i, p in ipairs(sources) do
+   files = files.." "..p
+end
+local sha256sum = assert(io.popen("cat "..files.." 2>/dev/null | sha256sum"))
+local hash = sha256sum:read("*a")
+sha256sum:close()
+print(string.sub(hash, 0, 16))
+}
+
 %global _performance_build 1
 
 Summary: Utilities from the general purpose cryptography library with TLS implementation
 Name: openssl
 Version: 3.0.1
-Release: 26%{?dist}
+Release: 27%{?dist}
 Epoch: 1
 # We have to remove certain patented algorithms from the openssl source
 # tarball with the hobble-openssl script which is included below.
@@ -228,7 +242,7 @@ RPM_OPT_FLAGS="$RPM_OPT_FLAGS -Wa,--noexecstack -Wa,--generate-missing-build-not
 
 export HASHBANGPERL=/usr/bin/perl
 
-%define fips %{version}-%(date +%Y%m%d)
+%define fips %{version}-%{srpmhash}
 # ia64, x86_64, ppc are OK by default
 # Configure the build tree.  Override OpenSSL defaults with known-good defaults
 # usable on all platforms.  The Configure script already knows to use -fPIC and
@@ -426,6 +440,10 @@ install -m644 %{SOURCE9} \
 %ldconfig_scriptlets libs
 
 %changelog
+* Fri May 06 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.1-27
+- Change FIPS module version to include hash of specfile, patches and sources
+  Resolves: rhbz#2070550
+
 * Thu May 05 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-26
 - OpenSSL FIPS module should not build in non-approved algorithms
 - Resolves: rhbz#2081378