diff --git a/.gitignore b/.gitignore
index 43d37ac..6c66c4d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/librelp-1.2.16.tar.gz
+SOURCES/librelp-1.9.0.tar.gz
diff --git a/.librelp.metadata b/.librelp.metadata
index 0525b2c..33a6638 100644
--- a/.librelp.metadata
+++ b/.librelp.metadata
@@ -1 +1 @@
-40934dba5ad2cc1184ee0a60acaf2da70dca54f4 SOURCES/librelp-1.2.16.tar.gz
+816dffa1484746b18dfb8b9adba7d7b54d5afef3 SOURCES/librelp-1.9.0.tar.gz
diff --git a/SOURCES/librelp-1.2.13-crypto-compliance.patch b/SOURCES/librelp-1.2.13-crypto-compliance.patch
deleted file mode 100644
index d5238d0..0000000
--- a/SOURCES/librelp-1.2.13-crypto-compliance.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-diff -up ./src/tcp.c.fix ./src/tcp.c
---- ./src/tcp.c.fix	2018-03-26 13:44:07.627189911 +0200
-+++ ./src/tcp.c	2018-03-26 13:44:51.051915920 +0200
-@@ -556,23 +556,8 @@ static relpRetVal
- relpTcpTLSSetPrio(relpTcp_t *const pThis)
- {
- 	int r;
--	char pristringBuf[4096];
--	char *pristring;
- 	ENTER_RELPFUNC;
--	/* Compute priority string (in simple cases where the user does not care...) */
--	if(pThis->pristring == NULL) {
--		if(pThis->bEnableTLSZip) {
--			strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-ALL", sizeof(pristringBuf));
--		} else {
--			strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-NULL", sizeof(pristringBuf));
--		}
--		pristringBuf[sizeof(pristringBuf)-1] = '\0';
--		pristring = pristringBuf;
--	} else {
--		pristring = pThis->pristring;
--	}
--
--	r = gnutls_priority_set_direct(pThis->session, pristring, NULL);
-+	r = gnutls_set_default_priority(pThis->session);
- 	if(r == GNUTLS_E_INVALID_REQUEST) {
- 		ABORT_FINALIZE(RELP_RET_INVLD_TLS_PRIO);
- 	} else if(r != GNUTLS_E_SUCCESS) {
diff --git a/SOURCES/librelp-1.9.0-crypto-compliance.patch b/SOURCES/librelp-1.9.0-crypto-compliance.patch
new file mode 100644
index 0000000..ef054cb
--- /dev/null
+++ b/SOURCES/librelp-1.9.0-crypto-compliance.patch
@@ -0,0 +1,87 @@
+diff -up librelp-1.9.0/src/tcp.c.orig librelp-1.9.0/src/tcp.c
+--- librelp-1.9.0/src/tcp.c.orig	2021-04-26 12:50:02.988053548 +0200
++++ librelp-1.9.0/src/tcp.c	2021-04-26 15:12:58.292600192 +0200
+@@ -1155,32 +1155,8 @@ static relpRetVal LIBRELP_ATTR_NONNULL()
+ relpTcpTLSSetPrio_gtls(relpTcp_t *const pThis)
+ {
+ 	int r;
+-	char pristringBuf[4096];
+-	char *pristring;
+ 	ENTER_RELPFUNC;
+-	/* Set default priority string (in simple cases where the user does not care...) */
+-	if(pThis->pristring == NULL) {
+-		if (pThis->authmode == eRelpAuthMode_None) {
+-			if(pThis->bEnableTLSZip) {
+-				strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-ALL", sizeof(pristringBuf));
+-			} else {
+-				strncpy(pristringBuf, "NORMAL:+ANON-DH:+COMP-NULL", sizeof(pristringBuf));
+-			}
+-			pristringBuf[sizeof(pristringBuf)-1] = '\0';
+-			pristring = pristringBuf;
+-			r = gnutls_priority_set_direct(pThis->session, pristring, NULL);
+-		} else {
+-			r = gnutls_set_default_priority(pThis->session);
+-			strncpy(pristringBuf, "to recommended system default", sizeof(pristringBuf));
+-			pristringBuf[sizeof(pristringBuf)-1] = '\0';
+-			pristring = pristringBuf;
+-		}
+-
+-	} else {
+-		pristring = pThis->pristring;
+-		r = gnutls_priority_set_direct(pThis->session, pristring, NULL);
+-	}
+-
++	r = gnutls_set_default_priority(pThis->session);
+ 	if(r == GNUTLS_E_INVALID_REQUEST) {
+ 		ABORT_FINALIZE(RELP_RET_INVLD_TLS_PRIO);
+ 	} else if(r != GNUTLS_E_SUCCESS) {
+@@ -1188,7 +1164,7 @@ relpTcpTLSSetPrio_gtls(relpTcp_t *const
+ 	}
+ 
+ finalize_it:
+-	pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_gtls: Setting ciphers '%s' iRet=%d\n", pristring, iRet);
++	pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_gtls: Setting ciphers to system default iRet=%d\n", iRet);
+ 
+ 	if(iRet != RELP_RET_OK) {
+ 		chkGnutlsCode(pThis, "Failed to set GnuTLS priority", iRet, r);
+@@ -1207,37 +1183,15 @@ relpTcpTLSSetPrio_gtls(LIBRELP_ATTR_UNUS
+ static relpRetVal LIBRELP_ATTR_NONNULL()
+ relpTcpTLSSetPrio_ossl(relpTcp_t *const pThis)
+ {
+-	char pristringBuf[4096];
+-	char *pristring;
+ 	ENTER_RELPFUNC;
+-	/* Compute priority string (in simple cases where the user does not care...) */
+-	if(pThis->pristring == NULL) {
+-		if (pThis->authmode == eRelpAuthMode_None) {
+-			#if OPENSSL_VERSION_NUMBER >= 0x10100000L \
+-				&& !defined(LIBRESSL_VERSION_NUMBER)
+-			 /* NOTE: do never use: +eNULL, it DISABLES encryption! */
+-			strncpy(pristringBuf, "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL@SECLEVEL=0",
+-				sizeof(pristringBuf));
+-			#else
+-			strncpy(pristringBuf, "ALL:+COMPLEMENTOFDEFAULT:+ADH:+ECDH:+aNULL",
+-				sizeof(pristringBuf));
+-			#endif
+-		} else {
+-			strncpy(pristringBuf, "DEFAULT", sizeof(pristringBuf));
+-		}
+-		pristringBuf[sizeof(pristringBuf)-1] = '\0';
+-		pristring = pristringBuf;
+-	} else {
+-		pristring = pThis->pristring;
+-	}
+ 
+-	if ( SSL_set_cipher_list(pThis->ssl, pristring) == 0 ){
+-		pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Error setting ciphers '%s'\n", pristring);
++	if ( SSL_set_cipher_list(pThis->ssl, "PROFILE=SYSTEM") == 0 ){
++		pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Error setting ciphers to system default\n");
+ 		ABORT_FINALIZE(RELP_RET_ERR_TLS_SETUP);
+ 	}
+ 
+ finalize_it:
+-	pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Setting ciphers '%s' iRet=%d\n", pristring, iRet);
++	pThis->pEngine->dbgprint((char*)"relpTcpTLSSetPrio_ossl: Setting ciphers to system default iRet=%d\n", iRet);
+ 	LEAVE_RELPFUNC;
+ }
+ #else
diff --git a/SPECS/librelp.spec b/SPECS/librelp.spec
index 0a82c97..c46d516 100644
--- a/SPECS/librelp.spec
+++ b/SPECS/librelp.spec
@@ -1,6 +1,6 @@
 Summary: The Reliable Event Logging Protocol library
 Name: librelp
-Version: 1.2.16
+Version: 1.9.0
 Release: 1%{?dist}
 License: GPLv3+
 Group: System Environment/Libraries
@@ -8,9 +8,11 @@ URL: http://www.rsyslog.com/
 Source0: http://download.rsyslog.com/librelp/%{name}-%{version}.tar.gz
 Requires(post): /sbin/ldconfig
 Requires(postun): /sbin/ldconfig
+Requires: openssl-libs
 BuildRequires: gnutls-devel >= 1.4.0
+BuildRequires: openssl-devel
 
-Patch0: librelp-1.2.13-crypto-compliance.patch
+Patch0: librelp-1.9.0-crypto-compliance.patch
 
 %description
 Librelp is an easy to use library for the RELP protocol. RELP (stands
@@ -33,7 +35,7 @@ to develop applications using librelp.
 
 %prep
 %setup -q
-%patch0 -p1
+%patch0 -p1 -b .crypto-compliance
 
 %build
 autoreconf -ivf
@@ -65,6 +67,14 @@ fi
 %{_libdir}/pkgconfig/relp.pc
 
 %changelog
+* Mon Apr 26 2021 Attila Lakatos <alakatos@redhat.com> - 1.9.0-1
+- rebase to 1.9.0
+- add patch to comply with crypto policies
+- add support for openssl
+  resolves: rhbz#1932783
+- Properly end TLS connections
+  resolves: rhbz#1886400
+
 * Wed Aug 08 2018 Jiri Vymazal <jvymazal@redhat.com> - 1.2.16-1
 - rebase to 1.2.16
   resolves: rhbz#1613876