diff --git a/IO-Socket-SSL-2.063-use-system-default-SSL-version.patch b/IO-Socket-SSL-2.064-use-system-default-SSL-version.patch
similarity index 90%
rename from IO-Socket-SSL-2.063-use-system-default-SSL-version.patch
rename to IO-Socket-SSL-2.064-use-system-default-SSL-version.patch
index 0569738..d240e39 100644
--- a/IO-Socket-SSL-2.063-use-system-default-SSL-version.patch
+++ b/IO-Socket-SSL-2.064-use-system-default-SSL-version.patch
@@ -1,6 +1,6 @@
 --- lib/IO/Socket/SSL.pm
 +++ lib/IO/Socket/SSL.pm
-@@ -158,7 +158,7 @@ if ( defined &Net::SSLeay::CTX_set_min_p
+@@ -163,7 +163,7 @@ if ( defined &Net::SSLeay::CTX_set_min_p
  # global defaults
  my %DEFAULT_SSL_ARGS = (
      SSL_check_crl => 0,
@@ -9,7 +9,7 @@
      SSL_verify_callback => undef,
      SSL_verifycn_scheme => undef,  # fallback cn verification
      SSL_verifycn_publicsuffix => undef,  # fallback default list verification
-@@ -2328,7 +2328,7 @@ sub new {
+@@ -2333,7 +2333,7 @@ sub new {
  
      my $ssl_op = $DEFAULT_SSL_OP;
  
@@ -20,7 +20,7 @@
  	or croak("invalid SSL_version specified");
 --- lib/IO/Socket/SSL.pod
 +++ lib/IO/Socket/SSL.pod
-@@ -1022,11 +1022,12 @@ All values are case-insensitive.  Instea
+@@ -1028,11 +1028,12 @@ All values are case-insensitive.  Instea
  'TLSv1_3' one can also use 'TLSv11', 'TLSv12', and 'TLSv13'.  Support for
  'TLSv1_1', 'TLSv1_2', and 'TLSv1_3' requires recent versions of Net::SSLeay
  and openssl.
diff --git a/IO-Socket-SSL-2.063-use-system-default-cipher-list.patch b/IO-Socket-SSL-2.064-use-system-default-cipher-list.patch
similarity index 96%
rename from IO-Socket-SSL-2.063-use-system-default-cipher-list.patch
rename to IO-Socket-SSL-2.064-use-system-default-cipher-list.patch
index 0103ff4..170c200 100644
--- a/IO-Socket-SSL-2.063-use-system-default-cipher-list.patch
+++ b/IO-Socket-SSL-2.064-use-system-default-cipher-list.patch
@@ -1,6 +1,6 @@
 --- lib/IO/Socket/SSL.pm
 +++ lib/IO/Socket/SSL.pm
-@@ -166,10 +166,10 @@ my %DEFAULT_SSL_ARGS = (
+@@ -171,10 +171,10 @@ my %DEFAULT_SSL_ARGS = (
      SSL_npn_protocols => undef,    # meaning depends whether on server or client side
      SSL_alpn_protocols => undef,   # list of protocols we'll accept/send, for example ['http/1.1','spdy/3.1']
  
@@ -15,7 +15,7 @@
  );
  
  my %DEFAULT_SSL_CLIENT_ARGS = (
-@@ -179,63 +179,6 @@ my %DEFAULT_SSL_CLIENT_ARGS = (
+@@ -184,63 +184,6 @@ my %DEFAULT_SSL_CLIENT_ARGS = (
      SSL_ca_file => undef,
      SSL_ca_path => undef,
  
@@ -81,7 +81,7 @@
  # set values inside _init to work with perlcc, RT#95452
 --- lib/IO/Socket/SSL.pod
 +++ lib/IO/Socket/SSL.pod
-@@ -1048,12 +1048,8 @@ documentation (L<http://www.openssl.org/
+@@ -1054,12 +1054,8 @@ documentation (L<http://www.openssl.org/
  for more details.
  
  Unless you fail to contact your peer because of no shared ciphers it is
diff --git a/perl-IO-Socket-SSL.spec b/perl-IO-Socket-SSL.spec
index 30ea89c..38b2fd5 100644
--- a/perl-IO-Socket-SSL.spec
+++ b/perl-IO-Socket-SSL.spec
@@ -1,12 +1,12 @@
 Name:		perl-IO-Socket-SSL
-Version:	2.063
+Version:	2.064
 Release:	1%{?dist}
 Summary:	Perl library for transparent SSL
 License:	GPL+ or Artistic
 URL:		https://metacpan.org/release/IO-Socket-SSL
 Source0:	https://cpan.metacpan.org/modules/by-module/IO/IO-Socket-SSL-%{version}.tar.gz
-Patch0:		IO-Socket-SSL-2.063-use-system-default-cipher-list.patch
-Patch1:		IO-Socket-SSL-2.063-use-system-default-SSL-version.patch
+Patch0:		IO-Socket-SSL-2.064-use-system-default-cipher-list.patch
+Patch1:		IO-Socket-SSL-2.064-use-system-default-SSL-version.patch
 # A test for Enable-Post-Handshake-Authentication-TLSv1.3-feature.patch,
 # bug #1632660, requires openssl tool
 Patch4:		IO-Socket-SSL-2.063-Test-client-performs-Post-Handshake-Authentication.patch
@@ -121,6 +121,15 @@ make test
 %{_mandir}/man3/IO::Socket::SSL::Utils.3*
 
 %changelog
+* Mon Mar  4 2019 Paul Howarth <paul@city-fan.org> - 2.064-1
+- Update to 2.064
+  - Make algorithm for fingerprint optional, i.e. detect based on length of
+    fingerprint (CPAN RT#127773)
+  - Fix t/sessions.t and improve stability of t/verify_hostname.t on Windows
+  - Use CTX_set_ecdh_auto when needed (OpenSSL 1.0.2) if explicit curves are
+    set
+  - Update fingerprints for live tests
+
 * Sat Mar  2 2019 Paul Howarth <paul@city-fan.org> - 2.063-1
 - Update to 2.063
   - Support for both RSA and ECDSA certificate on same domain
diff --git a/sources b/sources
index 0ffa20d..59f60b3 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (IO-Socket-SSL-2.063.tar.gz) = 31e42de5244fe1766c9c699767473d691657350a8dce115a17dde605274a0e99b460bc165625733d473febda699e07c0318a74f8398faa902683722b0c5e80cb
+SHA512 (IO-Socket-SSL-2.064.tar.gz) = a9e5b78cae1a852ec623c0ea795ecc6870e9a8b4fafe479e94653bec7d44e70ed2da1a8cc86e35baac8414ddb50ca45ca69e092e7675794430edf0d9a3d3d10a