diff --git a/0045-FIPS-services-minimize.patch b/0045-FIPS-services-minimize.patch
index 204f218..81b3e73 100644
--- a/0045-FIPS-services-minimize.patch
+++ b/0045-FIPS-services-minimize.patch
@@ -656,3 +656,15 @@ diff -up openssl-3.0.1/test/endecode_test.c.fipsmin3 openssl-3.0.1/test/endecode
          /*
           * ED25519, ED448, X25519 and X448 have no support for
           * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
+diff -up openssl-3.0.1/apps/req.c.dfc openssl-3.0.1/apps/req.c
+--- openssl-3.0.1/apps/req.c.dfc	2022-05-12 13:31:21.957638329 +0200
++++ openssl-3.0.1/apps/req.c	2022-05-12 13:31:49.587984867 +0200
+@@ -266,7 +266,7 @@ int req_main(int argc, char **argv)
+     unsigned long chtype = MBSTRING_ASC, reqflag = 0;
+ 
+ #ifndef OPENSSL_NO_DES
+-    cipher = (EVP_CIPHER *)EVP_des_ede3_cbc();
++    cipher = (EVP_CIPHER *)EVP_aes_256_cbc();
+ #endif
+ 
+     prog = opt_init(argc, argv, req_options);
diff --git a/openssl.spec b/openssl.spec
index a1170ec..5fe2465 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -447,6 +447,8 @@ install -m644 %{SOURCE9} \
 * Thu May 12 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-29
 - `-config` argument of openssl app should work properly in FIPS mode
 - Resolves: rhbz#2083274
+- openssl req defaults on PKCS#8 encryption changed to AES-256-CBC
+- Resolves: rhbz#2063947
 
 * Fri May 06 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-28
 - OpenSSL should not accept custom elliptic curve parameters