diff --git a/openssh-7.7p1-redhat.patch b/openssh-7.7p1-redhat.patch
index 6c8d539..1c48ac6 100644
--- a/openssh-7.7p1-redhat.patch
+++ b/openssh-7.7p1-redhat.patch
@@ -90,12 +90,13 @@ diff -up openssh/sshd_config.redhat openssh/sshd_config
 diff -up openssh/sshd_config_redhat.redhat openssh/sshd_config_redhat
 --- openssh/sshd_config_redhat.redhat 2020-02-13 18:14:02.268006439 +0100
 +++ openssh/sshd_config_redhat 2020-02-13 18:19:20.765035947 +0100
-@@ -0,0 +1,28 @@
+@@ -0,0 +1,29 @@
 +# This system is following system-wide crypto policy. The changes to
-+# crypto properties (Ciphers, MACs, ...) will not have any effect here.
-+# They will be overridden by command-line options passed to the server
-+# on command line.
-+# Please, check manual pages for update-crypto-policies(8) and sshd_config(5).
++# crypto properties (Ciphers, MACs, ...) will not have any effect in
++# this or following included files. To override some configuration option,
++# write it before this block or include it before this file.
++# Please, see manual pages for update-crypto-policies(8) and sshd_config(5).
++Include /etc/crypto-policies/back-ends/opensshserver.config
 +
 +SyslogFacility AUTHPRIV
 +
diff --git a/openssh.spec b/openssh.spec
index a047a43..acc547f 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -267,14 +267,14 @@ BuildRequires: gnupg2
 %package clients
 Summary: An open source SSH client applications
 Requires: openssh = %{version}-%{release}
-Requires: crypto-policies >= 20180306-1
+Requires: crypto-policies >= 20200610-1
 
 %package server
 Summary: An open source SSH server daemon
 Requires: openssh = %{version}-%{release}
 Requires(pre): /usr/sbin/useradd
 Requires: pam >= 1.0.1-3
-Requires: crypto-policies >= 20180306-1
+Requires: crypto-policies >= 20200610-1
 %{?systemd_requires}
 
 %if %{ldap}
diff --git a/sshd.service b/sshd.service
index 8f3dbd6..336025b 100644
--- a/sshd.service
+++ b/sshd.service
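Review bot: The added `Include /etc/crypto-policies/back-ends/opensshserver.config` line in sshd_config_redhat makes sshd parse that file as sshd_config syntax, while the unit-file hunks of this same commit show it was read until now as an EnvironmentFile supplying `$CRYPTO_POLICY`. A back-end file still in the old variable format (a locally generated or custom policy, for instance) would presumably be rejected as a bad configuration option and keep sshd from starting; the `crypto-policies >= 20200610-1` requirement covers only the packaged file. I would state this in the comment block of the hunk, e.g. `# The included file must use sshd_config syntax; check with "sshd -t" after changing the policy.`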
@@ -6,10 +6,9 @@ Wants=sshd-keygen.target
 
 [Service]
 Type=notify
-EnvironmentFile=-/etc/crypto-policies/back-ends/opensshserver.config
 EnvironmentFile=-/etc/sysconfig/sshd-permitrootlogin
 EnvironmentFile=-/etc/sysconfig/sshd
-ExecStart=/usr/sbin/sshd -D $OPTIONS $CRYPTO_POLICY $PERMITROOTLOGIN
+ExecStart=/usr/sbin/sshd -D $OPTIONS $PERMITROOTLOGIN
 ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process
 Restart=on-failure
diff --git a/sshd@.service b/sshd@.service
index e4fd7f4..4a51b7b 100644
--- a/sshd@.service
+++ b/sshd@.service
@@ -5,8 +5,7 @@ Wants=sshd-keygen.target
 After=sshd-keygen.target
 
 [Service]
-EnvironmentFile=-/etc/crypto-policies/back-ends/opensshserver.config
 EnvironmentFile=-/etc/sysconfig/sshd-permitrootlogin
 EnvironmentFile=-/etc/sysconfig/sshd
-ExecStart=-/usr/sbin/sshd -i $OPTIONS $CRYPTO_POLICY $PERMITROOTLOGIN
+ExecStart=-/usr/sbin/sshd -i $OPTIONS $PERMITROOTLOGIN
 StandardInput=socket
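Review bot: With `$CRYPTO_POLICY` dropped from `ExecStart` in sshd.service (and in the sshd@.service hunk that follows), the system-wide policy is no longer applied by the unit itself; it takes effect only if the running sshd_config actually reaches the new `Include` line. A host that keeps a locally modified sshd_config across the upgrade may, as far as this diff shows, start sshd with no system-wide policy and no error. Precedence also changes: the policy used to arrive as command-line options, whereas now any setting placed before the Include wins. Neither unit says where the policy went, so I would add a comment above `ExecStart`, e.g. `# Crypto policy is applied via Include in sshd_config; confirm effective values with "sshd -T".` The [Service] section of each unit may continue outside its hunk.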