diff --git a/SOURCES/openssl-1.0.1e-cve-2015-1791.patch b/SOURCES/openssl-1.0.1e-cve-2015-1791.patch index 70608ed..2b6f315 100644 --- a/SOURCES/openssl-1.0.1e-cve-2015-1791.patch +++ b/SOURCES/openssl-1.0.1e-cve-2015-1791.patch @@ -184,33 +184,7 @@ diff -up openssl-1.0.1e/ssl/ssl_sess.c.ticket-race openssl-1.0.1e/ssl/ssl_sess.c diff -up openssl-1.0.1e/ssl/s3_clnt.c.ticket-race openssl-1.0.1e/ssl/s3_clnt.c --- openssl-1.0.1e/ssl/s3_clnt.c.ticket-race 2015-06-09 15:40:41.000000000 +0200 +++ openssl-1.0.1e/ssl/s3_clnt.c 2015-06-09 15:39:56.315119013 +0200 -@@ -2065,24 +2065,13 @@ int ssl3_get_new_session_ticket(SSL *s) - n=s->method->ssl_get_message(s, - SSL3_ST_CR_SESSION_TICKET_A, - SSL3_ST_CR_SESSION_TICKET_B, -- -1, -+ SSL3_MT_NEWSESSION_TICKET, - 16384, - &ok); - - if (!ok) - return((int)n); - -- if (s->s3->tmp.message_type == SSL3_MT_FINISHED) -- { -- s->s3->tmp.reuse_message=1; -- return(1); -- } -- if (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET) -- { -- al=SSL_AD_UNEXPECTED_MESSAGE; -- SSLerr(SSL_F_SSL3_GET_NEW_SESSION_TICKET,SSL_R_BAD_MESSAGE_TYPE); -- goto f_err; -- } - if (n < 6) - { - /* need at least ticket_lifetime_hint + ticket length */ -@@ -2092,6 +2081,44 @@ int ssl3_get_new_session_ticket(SSL *s) +@@ -2092,6 +2092,44 @@ int ssl3_get_new_session_ticket(SSL *s) } p=d=(unsigned char *)s->init_msg; diff --git a/SPECS/openssl.spec b/SPECS/openssl.spec index 93bc094..d5ca112 100644 --- a/SPECS/openssl.spec +++ b/SPECS/openssl.spec @@ -23,7 +23,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 1.0.1e -Release: 42%{?dist}.8 +Release: 42%{?dist}.9 Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. 
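Review bot: Nothing in the patch file records why the s3_clnt.c hunk at line 2065 was dropped, so the patched `ssl3_get_new_session_ticket` goes back, without explanation, to passing `-1` to `ssl_get_message` and accepting `SSL3_MT_FINISHED` through `reuse_message`. A later resync of this backport could put the `SSL3_MT_NEWSESSION_TICKET` expected-type argument back and, if that argument was the cause, repeat the renegotiation breakage the changelog mentions. I would add a free-text line above the first `diff -up` header of the patch file, for example `s3_clnt.c: ssl_get_message() keeps -1 on purpose; Finished may arrive in place of NewSessionTicket and is handled via reuse_message`. The renumbered inner header `+2092,44` is consistent with the dropped hunk's net 11 removed lines, but the body of that remaining inner hunk continues outside this hunk, so the race fix itself is not reviewed here.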
@@ -576,6 +576,9 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.* %postun libs -p /sbin/ldconfig %changelog +* Tue Jun 23 2015 Tomáš Mráz 1.0.1e-42.9 +- fix the CVE-2015-1791 fix (broken server side renegotiation) + * Thu Jun 11 2015 Tomáš Mráz 1.0.1e-42.8 - improved fix for CVE-2015-1791 - add missing parts of CVE-2015-0209 fix for corectness although unexploitable