diff --git a/.gitignore b/.gitignore
index f5c065b..538be76 100644
--- a/.gitignore
+++ b/.gitignore
@@ -31,3 +31,4 @@ php-5.5.*.xz
 /php-5.6.0RC4-strip.tar.xz
 /php-5.6.0-strip.tar.xz
 /php-5.6.1RC1-strip.tar.xz
+/php-5.6.1-strip.tar.xz
diff --git a/php-bug68074.patch b/php-bug68074.patch
new file mode 100644
index 0000000..04451c1
--- /dev/null
+++ b/php-bug68074.patch
@@ -0,0 +1,60 @@
+From 0d776ef87b7b0c1e970c424cc5dcdf4cd6f500ac Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@php.net>
+Date: Wed, 24 Sep 2014 10:34:55 +0200
+Subject: [PATCH] Fix bug #68074 Allow to use system cipher list instead of
+ hardcoded value
+
+---
+ ext/openssl/config0.m4 | 6 ++++++
+ ext/openssl/xp_ssl.c   | 9 ++++++---
+ 2 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/ext/openssl/config0.m4 b/ext/openssl/config0.m4
+index a97114f..701e488 100644
+--- a/ext/openssl/config0.m4
++++ b/ext/openssl/config0.m4
+@@ -8,6 +8,9 @@ PHP_ARG_WITH(openssl, for OpenSSL support,
+ PHP_ARG_WITH(kerberos, for Kerberos support,
+ [  --with-kerberos[=DIR]     OPENSSL: Include Kerberos support], no, no)
+ 
++PHP_ARG_WITH(system-ciphers, whether to use system default cipher list instead of hardcoded value,
++[  --with-system-ciphers   OPENSSL: Use system default cipher list instead of hardcoded value], no, no)
++
+ if test "$PHP_OPENSSL" != "no"; then
+   PHP_NEW_EXTENSION(openssl, openssl.c xp_ssl.c, $ext_shared)
+   PHP_SUBST(OPENSSL_SHARED_LIBADD)
+@@ -25,4 +28,7 @@ if test "$PHP_OPENSSL" != "no"; then
+   ], [
+     AC_MSG_ERROR([OpenSSL check failed. Please check config.log for more information.])
+   ])
++  if test "$PHP_SYSTEM_CIPHERS" != "no"; then
++    AC_DEFINE(USE_OPENSSL_SYSTEM_CIPHERS,1,[ Use system default cipher list instead of hardcoded value ])
++  fi
+ fi
+diff --git a/ext/openssl/xp_ssl.c b/ext/openssl/xp_ssl.c
+index de9e991..2f81dc7 100644
+--- a/ext/openssl/xp_ssl.c
++++ b/ext/openssl/xp_ssl.c
+@@ -1476,13 +1476,16 @@ int php_openssl_setup_crypto(php_stream *stream,
+ 	}
+ 
+ 	GET_VER_OPT_STRING("ciphers", cipherlist);
++#ifndef USE_OPENSSL_SYSTEM_CIPHERS
+ 	if (!cipherlist) {
+ 		cipherlist = OPENSSL_DEFAULT_STREAM_CIPHERS;
+ 	}
+-	if (SSL_CTX_set_cipher_list(sslsock->ctx, cipherlist) != 1) {
+-		return FAILURE;
++#endif
++	if (cipherlist) {
++		if (SSL_CTX_set_cipher_list(sslsock->ctx, cipherlist) != 1) {
++			return FAILURE;
++		}
+ 	}
+-
+ 	if (FAILURE == set_local_cert(sslsock->ctx, stream TSRMLS_CC)) {
+ 		return FAILURE;
+ 	}
+-- 
+2.1.0
+
diff --git a/php.ini b/php.ini
index 42e85a5..b462a9d 100644
--- a/php.ini
+++ b/php.ini
@@ -1681,6 +1681,7 @@ mssql.secure_connection = Off
 ; The precedence is: default_charset < output_encoding < mbstring.http_output
 ; To use an output encoding conversion, mbstring's output handler must be set
 ; otherwise output encoding conversion cannot be performed.
+; http://php.net/mbstring.http-output
 ;mbstring.http_output =
 
 ; enable automatic encoding translation according to
@@ -1692,7 +1693,7 @@ mssql.secure_connection = Off
 ;mbstring.encoding_translation = Off
 
 ; automatic encoding detection order.
-; "auto" detect order is changed accoding to mbstring.language
+; "auto" detect order is changed according to mbstring.language
 ; http://php.net/mbstring.detect-order
 ;mbstring.detect_order = auto
 
diff --git a/php.spec b/php.spec
index 7ac34f8..9c1e677 100644
--- a/php.spec
+++ b/php.spec
@@ -57,12 +57,12 @@
 %global db_devel  libdb-devel
 %endif
 
-%global rcver         RC1
+#global rcver         RC1
 
 Summary: PHP scripting language for creating dynamic web sites
 Name: php
 Version: 5.6.1
-Release: 0.2.RC1%{?dist}
+Release: 1%{?dist}
 # All files licensed under PHP version 3.01, except
 # Zend is licensed under Zend
 # TSRM is licensed under BSD
@@ -114,6 +114,7 @@ Patch46: php-5.4.9-fixheader.patch
 Patch47: php-5.4.9-phpinfo.patch
 
 # Upstream fixes (100+)
+Patch100: php-bug68074.patch
 
 # Security fixes (200+)
 
@@ -718,6 +719,7 @@ httpd -V  | grep -q 'threaded:.*yes' && exit 1
 %patch47 -p1 -b .phpinfo
 
 # upstream patches
+%patch100 -p1 -b .bug68074
 
 # security patches
 
@@ -878,6 +880,7 @@ ln -sf ../configure
     --without-gdbm \
     --with-jpeg-dir=%{_prefix} \
     --with-openssl \
+    --with-system-ciphers \
     --with-pcre-regex=%{_prefix} \
     --with-zlib \
     --with-layout=GNU \
@@ -1481,7 +1484,13 @@ rm -f README.{Zeus,QNX,CVS-RULES}
 
 
 %changelog
-* Tue Sep 24 2014 Remi Collet <rcollet@redhat.com> 5.6.1-0.2.RC1
+* Fri Oct  3 2014 Remi Collet <remi@fedoraproject.org> 5.6.1-1
+- Update to PHP 5.6.1
+  http://php.net/releases/5_6_1.php
+- use default system cipher list by Fedora policy
+  http://fedoraproject.org/wiki/Changes/CryptoPolicy
+
+* Wed Sep 24 2014 Remi Collet <rcollet@redhat.com> 5.6.1-0.2.RC1
 - provides nginx configuration (see #1142298)
 
 * Sat Sep 13 2014 Remi Collet <rcollet@redhat.com> 5.6.1-0.1.RC1
diff --git a/sources b/sources
index 9895ad4..eb0b611 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-3b485b7b9844588ca54548b27ed874fc  php-5.6.1RC1-strip.tar.xz
+2827aeded7a1428819e0612a0eea940e  php-5.6.1-strip.tar.xz