import perl-IO-Socket-SSL-2.066-4.el8

SOURCES/IO-Socket-SSL-2.066-use-system-default-cipher-list.patch

@@ -12,7 +12,7 @@
 +    # Use system-wide default cipher list to support use of system-wide
 +    # crypto policy (#1076390, #1127577, CPAN RT#97816)
 +    # https://fedoraproject.org/wiki/Changes/CryptoPolicy
-+    SSL_cipher_list => 'DEFAULT',
++    SSL_cipher_list => 'PROFILE=SYSTEM',
  );
  
  my %DEFAULT_SSL_CLIENT_ARGS = (
@@ -93,7 +93,7 @@
 -To use the less secure OpenSSL builtin default (whatever this is) set
 -SSL_cipher_list to ''.
 +recommended to leave this option at the default setting, which honors the
-+system-wide DEFAULT cipher list.
++system-wide PROFILE=SYSTEM cipher list.
  
  In case different cipher lists are needed for different SNI hosts a hash can be
  given with the host as key and the cipher suite as value, similar to

SPECS/perl-IO-Socket-SSL.spec

@@ -1,10 +1,11 @@
 Name:		perl-IO-Socket-SSL
 Version:	2.066
-Release:	3%{?dist}
+Release:	4%{?dist}
 Summary:	Perl library for transparent SSL
 License:	(GPL+ or Artistic) and MPLv2.0
 URL:		https://metacpan.org/release/IO-Socket-SSL
 Source0:	https://cpan.metacpan.org/modules/by-module/IO/IO-Socket-SSL-%{version}.tar.gz
+# Default to a system-wide crypto-policy, bug #1775167
 Patch0:		IO-Socket-SSL-2.066-use-system-default-cipher-list.patch
 Patch1:		IO-Socket-SSL-2.066-use-system-default-SSL-version.patch
 # A test for Enable-Post-Handshake-Authentication-TLSv1.3-feature.patch,
@@ -124,6 +125,9 @@ make test
 %{_mandir}/man3/IO::Socket::SSL::PublicSuffix.3*
 
 %changelog
+* Mon Nov 25 2019 Petr Pisar <ppisar@redhat.com> - 2.066-4
+- Default to PROFILE=SYSTEM cipher list (bug #1775167)
+
 * Wed Jun 26 2019 Paul Howarth <paul@city-fan.org> - 2.066-3
 - PublicSuffix.pm is licensed MPLv2.0 (#1724434)