diff --git a/include/libssh/pki.h b/include/libssh/pki.h
index cfee6ac1..d2ef3ee5 100644
--- a/include/libssh/pki.h
+++ b/include/libssh/pki.h
@@ -46,8 +46,9 @@
 #define MAX_PUBKEY_SIZE 0x100000 /* 1M */
 #define MAX_PRIVKEY_SIZE 0x400000 /* 4M */
-#define RSA_MIN_KEY_SIZE 1024
-#define RSA_DEFAULT_KEY_SIZE 3072
+#define RSA_MIN_KEY_SIZE 1024
+#define RSA_MIN_FIPS_KEY_SIZE 2048
+#define RSA_DEFAULT_KEY_SIZE 3072
 #define SSH_KEY_FLAG_EMPTY 0x0
 #define SSH_KEY_FLAG_PUBLIC 0x0001
diff --git a/src/pki.c b/src/pki.c
index dca3eae5..e9366a26 100644
--- a/src/pki.c
+++ b/src/pki.c
@@ -449,7 +449,7 @@ bool ssh_key_size_allowed_rsa(int min_size, ssh_key key)
 if (min_size < RSA_MIN_KEY_SIZE) {
 if (ssh_fips_mode()) {
- min_size = 2048;
+ min_size = RSA_MIN_FIPS_KEY_SIZE;
 } else {
 min_size = RSA_MIN_KEY_SIZE;
 }
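Review bot: In include/libssh/pki.h, `RSA_MIN_FIPS_KEY_SIZE` is added without a comment giving its unit or saying when it applies. The `MAX_PUBKEY_SIZE` / `MAX_PRIVKEY_SIZE` defines just above carry size comments and look like byte counts, while the three RSA values are presumably modulus sizes in bits, so the mix is easy to misread. I would put one comment above the RSA defines, for example `/* RSA modulus sizes in bits; the FIPS value is the floor used when ssh_fips_mode() is true */`.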
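Review bot: In src/pki.c, `ssh_key_size_allowed_rsa` applies the FIPS floor only inside `if (min_size < RSA_MIN_KEY_SIZE)`, so in FIPS mode a caller-supplied minimum from 1024 up to 2047 appears to skip `RSA_MIN_FIPS_KEY_SIZE` altogether. Naming the constant leaves that behaviour as it was. If the floor is meant to hold whenever FIPS mode is on, choose the floor first and clamp against it: `int floor_bits = ssh_fips_mode() ? RSA_MIN_FIPS_KEY_SIZE : RSA_MIN_KEY_SIZE;` followed by `if (min_size < floor_bits) { min_size = floor_bits; }`. The function body starts and ends outside the hunk, so a check elsewhere may already cover this case.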