From 2ad02b78adb1815446a37127c5865b9f0eabfbe2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?=
Date: Mon, 25 Nov 2019 12:18:23 +0100
Subject: [PATCH] Default to PROFILE=SYSTEM cipher list

An OpenSSL identifier for a system-wide cryptopolicy cipher list is "PROFILE=SYSTEM". "DEFAULT" is a different list.
---
 IO-Socket-SSL-2.066-use-system-default-cipher-list.patch | 4 ++--
 perl-IO-Socket-SSL.spec | 5 ++++-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/IO-Socket-SSL-2.066-use-system-default-cipher-list.patch b/IO-Socket-SSL-2.066-use-system-default-cipher-list.patch
index 4ae5f11..53681e3 100644
--- a/IO-Socket-SSL-2.066-use-system-default-cipher-list.patch
+++ b/IO-Socket-SSL-2.066-use-system-default-cipher-list.patch
@@ -12,7 +12,7 @@
 + # Use system-wide default cipher list to support use of system-wide
 + # crypto policy (#1076390, #1127577, CPAN RT#97816)
 + # https://fedoraproject.org/wiki/Changes/CryptoPolicy
-+ SSL_cipher_list => 'DEFAULT',
++ SSL_cipher_list => 'PROFILE=SYSTEM',
 );
 my %DEFAULT_SSL_CLIENT_ARGS = (
@@ -93,7 +93,7 @@
 -To use the less secure OpenSSL builtin default (whatever this is) set
 -SSL_cipher_list to ''.
 +recommended to leave this option at the default setting, which honors the
-+system-wide DEFAULT cipher list.
++system-wide PROFILE=SYSTEM cipher list.
 In case different cipher lists are needed for different SNI hosts a hash can be given with the host as key and the cipher suite as value, similar to
diff --git a/perl-IO-Socket-SSL.spec b/perl-IO-Socket-SSL.spec
index fb60599..bbec63d 100644
--- a/perl-IO-Socket-SSL.spec
+++ b/perl-IO-Socket-SSL.spec
@@ -1,6 +1,6 @@
 Name: perl-IO-Socket-SSL
 Version: 2.066
-Release: 6%{?dist}
+Release: 7%{?dist}
 Summary: Perl library for transparent SSL
 License: (GPL+ or Artistic) and MPLv2.0
 URL: https://metacpan.org/release/IO-Socket-SSL
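Review bot: The comment kept above `SSL_cipher_list => 'PROFILE=SYSTEM',` in the first hunk of IO-Socket-SSL-2.066-use-system-default-cipher-list.patch still only says "system-wide default cipher list" and does not explain that the new value is a policy keyword rather than an ordinary cipher string. As far as I know this keyword is understood only by OpenSSL builds that carry the distribution's crypto-policy patch, so the module's default now depends on that build; I would add a line such as `# 'PROFILE=SYSTEM' is resolved by the system OpenSSL from the crypto-policy configuration; an OpenSSL without that support may reject it`. It would also help to confirm that the `make test` run in the spec performs at least one handshake with the untouched default arguments, so a mismatch fails at build time rather than at the first connection. The hash this entry belongs to starts outside the hunk.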
@@ -115,6 +115,9 @@ make test
 %{_mandir}/man3/IO::Socket::SSL::PublicSuffix.3*
 %changelog
+* Mon Nov 25 2019 Petr Pisar - 2.066-7
+- Default to PROFILE=SYSTEM cipher list (bug #1775167)
+
 * Fri Jul 26 2019 Fedora Release Engineering - 2.066-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild