diff --git a/pegasus-snmp-disable-des.patch b/pegasus-snmp-disable-des.patch
new file mode 100644
index 0000000..18ccd7b
--- /dev/null
+++ b/pegasus-snmp-disable-des.patch
@@ -0,0 +1,39 @@
+This patch is required because net-smp is not build with DES support,
+so usmDESPrivProtocol is not available.
+
+diff -ur pegasus.orig/src/Pegasus/Handler/snmpIndicationHandler/snmpDeliverTrap_netsnmp.cpp pegasus/src/Pegasus/Handler/snmpIndicationHandler/snmpDeliverTrap_netsnmp.cpp
+--- pegasus.orig/src/Pegasus/Handler/snmpIndicationHandler/snmpDeliverTrap_netsnmp.cpp	2021-06-16 11:22:58.855254567 +0200
++++ pegasus/src/Pegasus/Handler/snmpIndicationHandler/snmpDeliverTrap_netsnmp.cpp	2021-06-16 11:37:33.012733834 +0200
+@@ -247,6 +247,16 @@
+ #ifdef PEGASUS_ENABLE_NET_SNMPV3 
+         case _SNMPv3_TRAP:
+         {
++            if(snmpSecPrivProto == 1)
++            {
++                //DES is no longer supported.
++                PEG_METHOD_EXIT();
++                throw PEGASUS_CIM_EXCEPTION_L(CIM_ERR_NOT_SUPPORTED,
++                    MessageLoaderParms(
++                        _MSG_VERSION_NOT_SUPPORTED_KEY,
++                        _MSG_VERSION_NOT_SUPPORTED));
++            }
++
+             snmpSession.version = SNMP_VERSION_3;
+             CString securityNameCStr = securityName.getCString();
+             size_t securityNameLen = strlen(securityNameCStr);
+@@ -321,14 +331,7 @@
+ 
+             SNMP_FREE(snmpSession.securityPrivProto);
+             //Privacy
+-            if(snmpSecPrivProto == 1) //DES
+-            {
+-                snmpSession.securityPrivProto = snmp_duplicate_objid(
+-                    usmDESPrivProtocol,
+-                    USM_PRIV_PROTO_DES_LEN);
+-                snmpSession.securityPrivProtoLen = USM_PRIV_PROTO_DES_LEN;
+-            }
+-            else if(snmpSecPrivProto == 2) // AES
++            if(snmpSecPrivProto == 2) // AES
+             {
+                 snmpSession.securityPrivProto = snmp_duplicate_objid(
+                     usmAESPrivProtocol,
diff --git a/tog-pegasus.spec b/tog-pegasus.spec
index d20b391..d6b2709 100644
--- a/tog-pegasus.spec
+++ b/tog-pegasus.spec
@@ -8,7 +8,7 @@
 
 Name:           tog-pegasus
 Version:        %{major_ver}.1
-Release:        60%{?dist}
+Release:        61%{?dist}
 Epoch:          2
 Summary:        OpenPegasus WBEM Services for Linux
 
@@ -104,6 +104,8 @@ Patch43:	pegasus-2.14.1-fix-Wreserved-user-defined-literal.patch
 Patch44:	pegasus-2.14.1-crypto-policy-compliance.patch
 # 45: add required lib to fix FTBS
 Patch45:	pegasus-2.14.1-add-pegwsmserver-to-ldd-libs.patch
+# 46: Remove DES support.
+Patch46:	pegasus-snmp-disable-des.patch
 
 BuildRequires:  procps, libstdc++, pam-devel
 BuildRequires:  openssl, openssl-devel
@@ -257,6 +259,7 @@ yes | mak/CreateDmtfSchema 238 %{SOURCE9} cim_schema_2.38.0
 %patch43 -p1 -b .Wreserved-user-defined-literal-fix
 %patch44 -p1 -b .crypto-policy-compliance
 %patch45 -p1 -b .add-pegwsmserver-to-ldd-libs
+%patch46 -p1 -b .snmp-disable-des
 
 
 %build
@@ -558,6 +561,9 @@ fi
 
 
 %changelog
+* Wed Jun 16 2021 Florian Weimer <fweimer@redhat.com> - 2:2.14.1-61
+- Port to net-snmp without DES support (#1958073)
+
 * Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2:2.14.1-60
 - Rebuilt for RHEL 9 BETA for openssl 3.0
   Related: rhbz#1971065