diff --git a/SOURCES/tigervnc-working-tls-on-fips-systems.patch b/SOURCES/tigervnc-working-tls-on-fips-systems.patch
new file mode 100644
index 0000000..841ac2f
--- /dev/null
+++ b/SOURCES/tigervnc-working-tls-on-fips-systems.patch
@@ -0,0 +1,13 @@
+diff --git a/common/rfb/SSecurityTLS.cxx b/common/rfb/SSecurityTLS.cxx
+index b946022..2daefa2 100644
+--- a/common/rfb/SSecurityTLS.cxx
++++ b/common/rfb/SSecurityTLS.cxx
+@@ -186,7 +186,7 @@ void SSecurityTLS::setParams(gnutls_session_t session)
+   if (gnutls_dh_params_init(&dh_params) != GNUTLS_E_SUCCESS)
+     throw AuthFailureException("gnutls_dh_params_init failed");
+
+-  if (gnutls_dh_params_generate2(dh_params, DH_BITS) != GNUTLS_E_SUCCESS)
++  if (gnutls_dh_params_generate2(dh_params, gnutls_sec_param_to_pk_bits(GNUTLS_PK_DH, GNUTLS_SEC_PARAM_MEDIUM)) != GNUTLS_E_SUCCESS)
+     throw AuthFailureException("gnutls_dh_params_generate2 failed");
+
+   if (anon) {
diff --git a/SPECS/tigervnc.spec b/SPECS/tigervnc.spec
index 7975342..de456e6 100644
--- a/SPECS/tigervnc.spec
+++ b/SPECS/tigervnc.spec
@@ -1,6 +1,6 @@
 Name:           tigervnc
 Version:        1.8.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        A TigerVNC remote display system
 
 Group:          User Interface/Desktops
@@ -53,6 +53,7 @@ Patch4:        tigervnc-cursor.patch
 Patch6:        tigervnc-xstartup.patch
 Patch7:        tigervnc-1.3.1-CVE-2014-8240.patch
 Patch8:        tigervnc-1.3.1-do-not-die-when-port-is-already-taken.patch
+Patch9:        tigervnc-working-tls-on-fips-systems.patch
 
 # This is tigervnc-%{version}/unix/xserver116.patch rebased on the latest xorg
 Patch100:       tigervnc-xserver119.patch
@@ -179,6 +180,9 @@ popd
 # Bug 1322155 - Xorg socket conflict for VNC port 5901
 %patch8 -p1 -b .do-not-die-when-port-is-already-taken
 
+# Bug 1501165  - VNC cannot be used when FIPS is enabled because DH_BITS is too low
+%patch9 -p1 -b .working-tls-on-fips-systems
+
 %build
 %ifarch sparcv9 sparc64 s390 s390x
 export CFLAGS="$RPM_OPT_FLAGS -fPIC"
@@ -342,6 +346,10 @@ fi
 %{_datadir}/icons/hicolor/*/apps/*
 
 %changelog
+* Thu Oct 12 2017 Jan Grulich <jgrulich@redhat.com> - 1.8.0-2
+- Make TLS work on FIPS systems
+  Resolves: bz#1501165
+
 * Wed May 17 2017 Jan Grulich <jgrulich@redhat.com> - 1.8.0-1
 - Update to 1.8.0
   Resolves: bz#1388620