diff --git a/IO-Socket-SSL-2.067-openssl-1.1.1e.patch b/IO-Socket-SSL-2.067-openssl-1.1.1e.patch
deleted file mode 100644
index 6a64868..0000000
--- a/IO-Socket-SSL-2.067-openssl-1.1.1e.patch
+++ /dev/null
@@ -1,44 +0,0 @@
---- lib/IO/Socket/SSL.pm
-+++ lib/IO/Socket/SSL.pm
-@@ -38,6 +38,7 @@ BEGIN {
- # results from commonly used constant functions from Net::SSLeay for fast access
- my $Net_SSLeay_ERROR_WANT_READ = Net::SSLeay::ERROR_WANT_READ();
- my $Net_SSLeay_ERROR_WANT_WRITE = Net::SSLeay::ERROR_WANT_WRITE();
-+my $Net_SSLeay_ERROR_SSL = Net::SSLeay::ERROR_SSL();
- my $Net_SSLeay_ERROR_SYSCALL = Net::SSLeay::ERROR_SYSCALL();
- my $Net_SSLeay_VERIFY_NONE = Net::SSLeay::VERIFY_NONE();
- my $Net_SSLeay_VERIFY_PEER = Net::SSLeay::VERIFY_PEER();
-@@ -1196,6 +1197,11 @@ sub _generic_read {
- last;
- }
- }
-+ if ($err == $Net_SSLeay_ERROR_SSL) {
-+ # OpenSSL 1.1.1e+
-+ $data = '';
-+ last;
-+ }
- $self->error("SSL read error");
- }
- return;
-@@ -1274,6 +1280,11 @@ sub _generic_write {
- }
- if ( !defined($written) ) {
- if ( my $err = $self->_skip_rw_error( $ssl,-1 )) {
-+ # if ERROR_SSL then make it look like it used to do
-+ if ( $err == $Net_SSLeay_ERROR_SSL ) {
-+ $err = $Net_SSLeay_ERROR_SYSCALL;
-+ $! = 0;
-+ }
- # if $! is not set with ERROR_SYSCALL then report as EPIPE
- $! ||= EPIPE if $err == $Net_SSLeay_ERROR_SYSCALL;
- $self->error("SSL write error ($err)");
---- t/core.t
-+++ t/core.t
-@@ -130,6 +130,7 @@ unless (fork) {
- 4.0,
- ord("y"),
- "Test\nBeaver\nBeaver\n");
-+ Net::SSLeay::shutdown($client->_get_ssl_object);
- shutdown($client, 1);
-
- my $buffer="\0\0aaaaaaaaaaaaaaaaaaaa";
diff --git a/IO-Socket-SSL-2.068-openssl-1.1.1e.patch b/IO-Socket-SSL-2.068-openssl-1.1.1e.patch
new file mode 100644
index 0000000..c6cbd20
--- /dev/null
+++ b/IO-Socket-SSL-2.068-openssl-1.1.1e.patch
@@ -0,0 +1,15 @@ +--- Makefile.PL ++++ Makefile.PL +@@ -68,12 +68,6 @@ if (my $compiled = eval { + die sprintf("API-different OpenSSL versions compiled in (0x%08x) vs linked (0x%08x)", + $compiled,$linked); + } +- +- # OpenSSL 1.1.1e introduced behavior changes breaking various code +- # will likely be reverted in 1.1.1f - enforce to not use this version +- if ($linked == 0x1010105f) { +- die "detected OpenSSL 1.1.1e - please use a different version\n"; +- } + } + + # make sure that we have dualvar from the XS Version of Scalar::Util diff --git a/IO-Socket-SSL-2.067-use-system-default-SSL-version.patch b/IO-Socket-SSL-2.068-use-system-default-SSL-version.patch similarity index 94% rename from IO-Socket-SSL-2.067-use-system-default-SSL-version.patch rename to IO-Socket-SSL-2.068-use-system-default-SSL-version.patch index 462dfb7..732ce31 100644 --- a/IO-Socket-SSL-2.067-use-system-default-SSL-version.patch +++ b/IO-Socket-SSL-2.068-use-system-default-SSL-version.patch @@ -1,6 +1,6 @@ --- lib/IO/Socket/SSL.pm +++ lib/IO/Socket/SSL.pm -@@ -195,7 +195,7 @@ if ( defined &Net::SSLeay::CTX_set_min_p +@@ -194,7 +194,7 @@ if ( defined &Net::SSLeay::CTX_set_min_p # global defaults my %DEFAULT_SSL_ARGS = ( SSL_check_crl => 0, @@ -9,7 +9,7 @@ SSL_verify_callback => undef, SSL_verifycn_scheme => undef, # fallback cn verification SSL_verifycn_publicsuffix => undef, # fallback default list verification -@@ -2394,7 +2394,7 @@ sub new { +@@ -2383,7 +2383,7 @@ sub new { my $ssl_op = $DEFAULT_SSL_OP; diff --git a/IO-Socket-SSL-2.067-use-system-default-cipher-list.patch b/IO-Socket-SSL-2.068-use-system-default-cipher-list.patch similarity index 99% rename from IO-Socket-SSL-2.067-use-system-default-cipher-list.patch rename to IO-Socket-SSL-2.068-use-system-default-cipher-list.patch index a4d8674..800ab64 100644 --- a/IO-Socket-SSL-2.067-use-system-default-cipher-list.patch +++ b/IO-Socket-SSL-2.068-use-system-default-cipher-list.patch 
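Review bot: Dropping the `$linked == 0x1010105f` guard in the Makefile.PL hunk leaves nothing in the build that ties this module to an OpenSSL without the 1.1.1e EOF-handling change; the only record of the assumption is the spec comment and changelog entry saying the Fedora OpenSSL package has that change reverted. The version number cannot tell a reverted 1.1.1e from an unreverted one, so the guard cannot simply be narrowed; if the spec does not already do so outside the hunks shown, the assumption would be better enforced with a versioned dependency on the OpenSSL build that carries the revert, e.g. `BuildRequires: <openssl package> >= <release-with-revert>` (placeholders, to be filled in by the packager). The new patch file also has no header of its own; a leading comment such as `# Fedora-only: OpenSSL 1.1.1e here has the EOF-handling change reverted, see https://github.com/openssl/openssl/issues/11388` would keep the reason with the patch when it is next rebased. The `if (my $compiled = eval {` block that held the guard starts and ends outside the inner hunk.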
@@ -1,6 +1,6 @@ --- lib/IO/Socket/SSL.pm +++ lib/IO/Socket/SSL.pm -@@ -203,77 +203,17 @@ my %DEFAULT_SSL_ARGS = ( +@@ -202,77 +202,17 @@ my %DEFAULT_SSL_ARGS = ( SSL_npn_protocols => undef, # meaning depends whether on server or client side SSL_alpn_protocols => undef, # list of protocols we'll accept/send, for example ['http/1.1','spdy/3.1'] diff --git a/perl-IO-Socket-SSL.spec b/perl-IO-Socket-SSL.spec index 7a2ddd9..da850d5 100644 --- a/perl-IO-Socket-SSL.spec +++ b/perl-IO-Socket-SSL.spec @@ -2,18 +2,18 @@ %bcond_without perl_IO_Socket_SSL_test_IO_Socket_INET6 Name: perl-IO-Socket-SSL -Version: 2.067 -Release: 2%{?dist} +Version: 2.068 +Release: 1%{?dist} Summary: Perl library for transparent SSL License: (GPL+ or Artistic) and MPLv2.0 URL: https://metacpan.org/release/IO-Socket-SSL Source0: https://cpan.metacpan.org/modules/by-module/IO/IO-Socket-SSL-%{version}.tar.gz -Patch0: IO-Socket-SSL-2.067-use-system-default-cipher-list.patch -Patch1: IO-Socket-SSL-2.067-use-system-default-SSL-version.patch +Patch0: IO-Socket-SSL-2.068-use-system-default-cipher-list.patch +Patch1: IO-Socket-SSL-2.068-use-system-default-SSL-version.patch # A test for Enable-Post-Handshake-Authentication-TLSv1.3-feature.patch, # bug #1632660, requires openssl tool Patch2: IO-Socket-SSL-2.066-Test-client-performs-Post-Handshake-Authentication.patch -Patch3: IO-Socket-SSL-2.067-openssl-1.1.1e.patch +Patch3: IO-Socket-SSL-2.068-openssl-1.1.1e.patch BuildArch: noarch # Module Build BuildRequires: coreutils @@ -80,8 +80,8 @@ mod_perl. %prep %setup -q -n IO-Socket-SSL-%{version} -# Fix FTBFS with OpenSSL 1.1.1e -# https://github.com/noxxi/p5-io-socket-ssl/issues/93 +# Allow building with OpenSSL 1.1.1e as the Fedora package has the +# problematic EOF handling change reverted %patch3 # Use system-wide default cipher list to support use of system-wide 
@@ -127,6 +127,17 @@ make test %{_mandir}/man3/IO::Socket::SSL::PublicSuffix.3* %changelog +* Tue Mar 31 2020 Paul Howarth - 2.068-1 +- Update to 2.068 + - Treat OpenSSL 1.1.1e as broken and refuse to build with it in order to + prevent follow-up problems in tests and user code + https://github.com/noxxi/p5-io-socket-ssl/issues/93 + https://github.com/openssl/openssl/issues/11388 + https://github.com/openssl/openssl/issues/11378 + - Update PublicSuffix with latest data from publicsuffix.org +- Patch out the refusal to build with OpenSSL 1.1.1e as the OpenSSL package in + Fedora has had the problematic EOF-handling change reverted + * Sat Mar 21 2020 Paul Howarth - 2.067-2 - Fix FTBFS with OpenSSL 1.1.1e https://github.com/noxxi/p5-io-socket-ssl/issues/93 diff --git a/sources b/sources index 5adf803..56b890f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (IO-Socket-SSL-2.067.tar.gz) = b7b9edc470f2283c363a6296d3ce23f8754cc1b1a763329ccc8a0bc81dca7ffbaf9a833fc8ac31e62f5f72cab7c689ea0d4d0e293f75fe176d1b5c71ed723516 +SHA512 (IO-Socket-SSL-2.068.tar.gz) = 9bccce1a85d24a4e06394a7a0eb8c1c834a71d1fecf99e3a7c0fea1828dcad0da24768bfe0db996d70f3e153135fc958d85ae65fab300ebfd8b520441aa27cfa