diff --git a/java-11-openjdk.spec b/java-11-openjdk.spec
index fc14090..e2a4e4b 100644
--- a/java-11-openjdk.spec
+++ b/java-11-openjdk.spec
@@ -957,7 +957,7 @@ Provides: java-src%{?1} = %{epoch}:%{version}-%{release}
Name: java-%{javaver}-%{origin}
Version: %{newjavaver}.%{buildver}
-Release: 1%{?dist}
+Release: 2%{?dist}
# java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
# and this change was brought into RHEL-4. java-1.5.0-ibm packages
# also included the epoch in their virtual provides. This created a
@@ -1028,10 +1028,12 @@ Patch2: rh1648644-java_access_bridge_privileged_security.patch
# for all providers unconditionally
Patch525: rh1022017-reduce_ssl_curves.patch
Patch3: rh649512-remove_uses_of_far_in_jpeg_libjpeg_turbo_1_4_compat_for_jdk10_and_up.patch
-# Follow system wide crypto policy RHBZ#1249083
-Patch4: pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch
+# PR3694, RH1340845: Add security.useSystemPropertiesFile option to java.security to use system crypto policy
+Patch4: pr3694-rh1340845-support_fedora_rhel_system_crypto_policy.patch
# System NSS via SunEC Provider
-Patch5: pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk11.patch
+Patch5: pr1983-rh1565658-support_using_the_system_installation_of_nss_with_the_sunec_provider_jdk11.patch
+# PR3695: Allow use of system crypto policy to be disabled by the user
+Patch6: pr3695-toggle_system_crypto_policy.patch
#############################################
#
@@ -1318,6 +1320,7 @@ pushd %{top_level_dir_name}
%patch3 -p1
%patch4 -p1
%patch5 -p1
+%patch6 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
@@ -1874,6 +1877,10 @@ require "copy_jdk_configs.lua"
%changelog
+* Thu Feb 07 2019 Andrew John Hughes <gnu.andrew@redhat.com> - 1:11.0.2.7-2
+- Add PR3695 to allow the system crypto policy to be turned off.
+- Correct original system crypto policy patch to refer to OpenJDK 11 bug (PR3694)
+
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:11.0.2.7-1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
diff --git a/pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch b/pr3694-rh1340845-support_fedora_rhel_system_crypto_policy.patch
similarity index 98%
rename from pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch
rename to pr3694-rh1340845-support_fedora_rhel_system_crypto_policy.patch
index 4efbe9a..97f276f 100644
--- a/pr3183-rh1340845-support_fedora_rhel_system_crypto_policy.patch
+++ b/pr3694-rh1340845-support_fedora_rhel_system_crypto_policy.patch
@@ -4,7 +4,7 @@
# Date 1478057514 0
# Node ID 1c4d5cb2096ae55106111da200b0bcad304f650c
# Parent 3d53f19b48384e5252f4ec8891f7a3a82d77af2a
-PR3183: Support Fedora/RHEL system crypto policy
+PR3694: Support Fedora/RHEL system crypto policy
diff -r 3d53f19b4838 -r 1c4d5cb2096a src/java.base/share/classes/java/security/Security.java
--- a/src/java.base/share/classes/java/security/Security.java Wed Oct 26 03:51:39 2016 +0100
+++ b/src/java.base/share/classes/java/security/Security.java Wed Nov 02 03:31:54 2016 +0000
diff --git a/pr3695-toggle_system_crypto_policy.patch b/pr3695-toggle_system_crypto_policy.patch
new file mode 100644
index 0000000..3799237
--- /dev/null
+++ b/pr3695-toggle_system_crypto_policy.patch
@@ -0,0 +1,78 @@
+# HG changeset patch
+# User andrew
+# Date 1545198926 0
+# Wed Dec 19 05:55:26 2018 +0000
+# Node ID f2cbd688824c128db7fa848c8732fb0ab3507776
+# Parent 81f07f6d1f8b7b51b136d3974c61bc8bb513770c
+PR3695: Allow use of system crypto policy to be disabled by the user
+Summary: Read user overrides first so security.useSystemPropertiesFile can be disabled and add -Djava.security.disableSystemPropertiesFile
+
+diff --git a/src/java.base/share/classes/java/security/Security.java b/src/java.base/share/classes/java/security/Security.java
+--- a/src/java.base/share/classes/java/security/Security.java
++++ b/src/java.base/share/classes/java/security/Security.java
+@@ -125,31 +125,6 @@
+ }
+
+ if ("true".equalsIgnoreCase(props.getProperty
+- ("security.useSystemPropertiesFile"))) {
+-
+- // now load the system file, if it exists, so its values
+- // will win if they conflict with the earlier values
+- try (BufferedInputStream bis =
+- new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
+- props.load(bis);
+- loadedProps = true;
+-
+- if (sdebug != null) {
+- sdebug.println("reading system security properties file " +
+- SYSTEM_PROPERTIES);
+- sdebug.println(props.toString());
+- }
+- } catch (IOException e) {
+- if (sdebug != null) {
+- sdebug.println
+- ("unable to load security properties from " +
+- SYSTEM_PROPERTIES);
+- e.printStackTrace();
+- }
+- }
+- }
+-
+- if ("true".equalsIgnoreCase(props.getProperty
+ ("security.overridePropertiesFile"))) {
+
+ String extraPropFile = System.getProperty
+@@ -215,6 +190,33 @@
+ }
+ }
+
++ String disableSystemProps = System.getProperty("java.security.disableSystemPropertiesFile");
++ if (disableSystemProps == null &&
++ "true".equalsIgnoreCase(props.getProperty
++ ("security.useSystemPropertiesFile"))) {
++
++ // now load the system file, if it exists, so its values
++ // will win if they conflict with the earlier values
++ try (BufferedInputStream bis =
++ new BufferedInputStream(new FileInputStream(SYSTEM_PROPERTIES))) {
++ props.load(bis);
++ loadedProps = true;
++
++ if (sdebug != null) {
++ sdebug.println("reading system security properties file " +
++ SYSTEM_PROPERTIES);
++ sdebug.println(props.toString());
++ }
++ } catch (IOException e) {
++ if (sdebug != null) {
++ sdebug.println
++ ("unable to load security properties from " +
++ SYSTEM_PROPERTIES);
++ e.printStackTrace();
++ }
++ }
++ }
++
+ if (!loadedProps) {
+ initializeStatic();
+ if (sdebug != null) {