diff --git a/profiles/apparmor.d/abstractions/base b/profiles/apparmor.d/abstractions/base index cf939ebdc..a03be4b07 100644 --- a/profiles/apparmor.d/abstractions/base +++ b/profiles/apparmor.d/abstractions/base @@ -12,6 +12,7 @@ abi , + include # (Note that the ldd profile has inlined this file; if you make # modifications here, please consider including them in the ldd @@ -104,9 +105,6 @@ # glibc's *printf protections read the maps file @{PROC}/@{pid}/{maps,auxv,status} r, - # libgcrypt reads some flags from /proc - @{PROC}/sys/crypto/* r, - # some applications will display license information /usr/share/common-licenses/** r, diff --git a/profiles/apparmor.d/abstractions/crypto b/profiles/apparmor.d/abstractions/crypto new file mode 100644 index 000000000..83676003d --- /dev/null +++ b/profiles/apparmor.d/abstractions/crypto @@ -0,0 +1,26 @@ +# vim:syntax=apparmor +# ------------------------------------------------------------------ +# +# Copyright (C) 2002-2009 Novell/SUSE +# Copyright (C) 2009-2011 Canonical Ltd. +# Copyright (C) 2021 Christian Boltz +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public +# License published by the Free Software Foundation. +# +# ------------------------------------------------------------------ + + abi , + + @{etc_ro}/gcrypt/random.conf r, + @{PROC}/sys/crypto/fips_enabled r, + + # libgcrypt reads some flags from /proc + @{PROC}/sys/crypto/* r, + + # crypto policies used by various libraries + /etc/crypto-policies/*/*.txt r, + /usr/share/crypto-policies/*/*.txt r, + + include if exists diff --git a/profiles/apparmor.d/abstractions/openssl b/profiles/apparmor.d/abstractions/openssl index 7dec53bf8..8ed90bc25 100644 --- a/profiles/apparmor.d/abstractions/openssl +++ b/profiles/apparmor.d/abstractions/openssl 
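Review bot: The include added after the `abi` line in base is the only place in this patch that pulls in the new crypto abstraction, while the openssl and ssl_certs hunks remove `@{PROC}/sys/crypto/fips_enabled r,` and the two crypto-policies rules without adding an include of their own. A profile that uses either abstraction without base would start getting denials on those reads, which for fips_enabled may affect how the library detects FIPS mode (inferred, not shown here). Consider adding the same line to both files, presumably `include <abstractions/crypto>`, since the include target is not visible in this rendering. Putting the include in base also grants the gcrypt and crypto-policies reads to every profile that includes base, so a short comment above it saying the wider scope is intended would record that decision.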
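Review bot: In the new crypto abstraction, `@{PROC}/sys/crypto/fips_enabled r,` is fully covered by the `@{PROC}/sys/crypto/* r,` rule that follows it, so the narrower rule has no effect and obscures which files are really needed. Either drop the explicit rule or, if fips_enabled turns out to be the only entry the libraries read, keep it and remove the glob so the abstraction stays least-privilege. The first two rules also lack a comment, unlike the ones after them. A line such as `# libgcrypt configuration and the kernel FIPS flag` above them would keep the file consistent.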
@@ -12,8 +12,6 @@ /etc/ssl/openssl.cnf r, /usr/share/ssl/openssl.cnf r, - @{PROC}/sys/crypto/fips_enabled r, - # Include additions to the abstraction include if exists diff --git a/profiles/apparmor.d/abstractions/ssl_certs b/profiles/apparmor.d/abstractions/ssl_certs index b6ba6c0c7..57d0f41a2 100644 --- a/profiles/apparmor.d/abstractions/ssl_certs +++ b/profiles/apparmor.d/abstractions/ssl_certs @@ -41,9 +41,5 @@ /etc/certbot/archive/*/chain*.pem r, /etc/certbot/archive/*/fullchain*.pem r, - # crypto policies used by various libraries - /etc/crypto-policies/*/*.txt r, - /usr/share/crypto-policies/*/*.txt r, - # Include additions to the abstraction include if exists