diff --git a/strongswan-5.8.4-openssl-disable-fips.patch b/strongswan-5.8.4-openssl-disable-fips.patch
new file mode 100644
index 0000000..cdac933
--- /dev/null
+++ b/strongswan-5.8.4-openssl-disable-fips.patch
@@ -0,0 +1,12 @@
+diff -rupN strongswan-5.8.4.old/conf/plugins/openssl.conf strongswan-5.8.4/conf/plugins/openssl.conf
+--- strongswan-5.8.4.old/conf/plugins/openssl.conf 2020-03-26 09:26:29.000000000 +0100
++++ strongswan-5.8.4/conf/plugins/openssl.conf 2020-04-07 14:57:09.177317568 +0200
+@@ -4,7 +4,7 @@ openssl {
+ # engine_id = pkcs11
+
+ # Set OpenSSL FIPS mode: disabled(0), enabled(1), Suite B enabled(2).
+- # fips_mode = 0
++ fips_mode = 0
+
+ # Whether to load the plugin. Can also be an integer to increase the
+ # priority of this plugin.
diff --git a/strongswan.spec b/strongswan.spec
index a7be603..90bc47c 100644
--- a/strongswan.spec
+++ b/strongswan.spec
@@ -9,13 +9,15 @@ Summary: IPSEC implementation
 Name: strongswan
 Version: 5.8.4
-Release: 1
+Release: 2
 License: GPLv2+
 Group: System/Servers
 Url: https://www.strongswan.org/
 Source0: http://download.strongswan.org/%{name}-%{version}.tar.bz2
 Source1: tmpfiles-%{name}.conf
 Patch0: strongswan-5.6.0-uintptr_t.patch
+# To fix openssl plugin failure at loading (rbz #10579)
+Patch1: strongswan-5.8.4-openssl-disable-fips.patch
 Source100: %{name}.rpmlintrc
 BuildRequires: bison
 BuildRequires: byacc
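Review bot: In strongswan-5.8.4-openssl-disable-fips.patch, the uncommented `fips_mode = 0` pins FIPS mode off in the packaged openssl.conf, but neither the patch nor the config says why. The upstream comment shows 0 as the commented default, so making it explicit should only change behaviour if this build's compiled-in default differs; that is worth confirming against the configure options, since the root cause would then be in the build and not in the config. I would add a line above the setting such as `# Set explicitly by the package to work around an openssl plugin load failure (rbz #10579); change only if FIPS mode is required and available.` so an administrator who needs mode 1 or 2 knows the value is a packaging workaround and not a recommendation.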
@@ -55,15 +57,32 @@ on a freeswan enabled kernel.
 %files
 %doc COPYING NEWS README TODO
+%config(noreplace) %{_sysconfdir}/dbus-1/system.d/nm-%{name}-service.conf
 %dir %{_sysconfdir}/%{name}
-
 %config(noreplace) %{_sysconfdir}/%{name}/ipsec.conf
 %config(noreplace) %{_sysconfdir}/%{name}/ipsec.secrets
 %config(noreplace) %{_sysconfdir}/%{name}/%{name}.conf
-%{_sysconfdir}/%{name}/ipsec.d/
-%{_sysconfdir}/%{name}/%{name}.d
-%{_sysconfdir}/%{name}/swanctl
-%{_sysconfdir}/dbus-1/system.d/nm-%{name}-service.conf
+%dir %{_sysconfdir}/%{name}/ipsec.d
+%dir %{_sysconfdir}/%{name}/%{name}.d
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/aikgen.conf
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/attest.conf
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/charon.conf
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/charon-logging.conf
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/charon-systemd.conf
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/imcv.conf
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/pki.conf
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/scepclient.conf
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/sec-updater.conf
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/starter.conf
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/swanctl.conf
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/tnc.conf
+%dir %{_sysconfdir}/%{name}/%{name}.d/charon
+#{_sysconfdir}/%%{name}/%%{name}.d/charon/*.conf
+# We need to prevent overwriting of user's custom config
+# but there are near 90 files here...
+%config(noreplace) %{_sysconfdir}/%{name}/%{name}.d/charon/*.conf
+%dir %{_sysconfdir}/%{name}/swanctl
+%config(noreplace) %{_sysconfdir}/%{name}/swanctl/swanctl.conf
 %{_tmpfilesdir}/%{name}.conf
 %{_unitdir}/%{name}.service
 %{_unitdir}/%{name}-starter.service
@@ -284,6 +303,7 @@ remote attestation and scanner and test IMCs and IMVs.
 %prep
 %setup -q
 %patch0 -p1
+%patch1 -p1
 %build
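Review bot: In the %files hunk of strongswan.spec, replacing `%{_sysconfdir}/%{name}/ipsec.d/` and `%{_sysconfdir}/%{name}/swanctl` with `%dir` entries narrows ownership from the whole tree to the directory alone, and only `swanctl/swanctl.conf` is listed beneath them. If the install step creates subdirectories there (upstream normally creates key and certificate directories under both; confirm in the buildroot and in any %files section outside this hunk), they are no longer packaged, so a fresh install will not create them and the package no longer sets their ownership and mode. Each one should be listed explicitly, for example `%dir %attr(<mode>,root,root) %{_sysconfdir}/%{name}/ipsec.d/<subdir>`, with a restrictive mode on the ones meant for private keys. The leftover `#{_sysconfdir}/%%{name}/%%{name}.d/charon/*.conf` line can be dropped, since the `%config(noreplace)` glob below it replaces it.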