diff --git a/AusweisApp2.spec b/AusweisApp2.spec
index b3d8c82..0a5bd66 100644
--- a/AusweisApp2.spec
+++ b/AusweisApp2.spec
@@ -16,6 +16,9 @@ fipshmac "$bindir/%{name}"                   \
 # Build and package Doxygen documentation?
 %bcond_without    doxy
 
+# Needed for generation of application specific OpenSSL configuration.
+%global ossl_cnf  %{_datadir}/crypto-policies/DEFAULT/opensslcnf.txt
+
 # Package summary.  Gets overwritten by subpackages otherwise.
 %global pkg_sum   Online identification with German ID card (Personalausweis)
 
@@ -158,13 +161,18 @@ system_default = AusweisApp2_ciphers
 
 [AusweisApp2_ciphers]
 EOF
-grep 'CipherString' %{_datadir}/crypto-policies/DEFAULT/opensslcnf.txt |  \
-sed -e 's!:-!:kRSAPSK&!' -e 's!:-kRSAPSK!!' -e 's!:-AES128!!'             \
-    -e 's!:-SHA1!!' -e 's!:-SHA256!!' -e 's!:-SHA384!!'                   \
+grep 'CipherString' < %{ossl_cnf}  | \
+sed -e 's!:kRSAPSK!!'                \
+    -e 's!:-kRSAPSK!!'               \
+    -e 's!:-AES128!!'                \
+    -e 's!:-SHA1!!'                  \
+    -e 's!:-SHA256!!'                \
+    -e 's!:-SHA384!!'                \
+    -e 's!:-!:kRSAPSK&!'             \
   >> %{name}_openssl.cnf
-grep -v 'CipherString' %{_datadir}/crypto-policies/DEFAULT/opensslcnf.txt \
+grep -v 'CipherString' < %{ossl_cnf}                 | \
+sed -e 's!^MinProtocol =.*$!MinProtocol = TLSv1.2!'    \
   >> %{name}_openssl.cnf
-sed -i -e 's!^MinProtocol =.*$!MinProtocol = TLSv1.2!' %{name}_openssl.cnf
 
 # Create the shell wrapper.
 cat << EOF > %{name}_wrapper.sh