diff --git a/stunnel-5.56-default-tls-version.patch b/stunnel-5.56-default-tls-version.patch
new file mode 100644
index 0000000..e47739f
--- /dev/null
+++ b/stunnel-5.56-default-tls-version.patch
@@ -0,0 +1,80 @@
+--- stunnel-5.56/src/prototypes.h.default-tls-version 2020-04-06 11:22:24.480280384 +0200
++++ stunnel-5.56/src/prototypes.h 2020-04-06 11:21:05.407597053 +0200
+@@ -897,6 +897,9 @@ ICON_IMAGE load_icon_default(ICON_TYPE);
+ ICON_IMAGE load_icon_file(const char *);
+ #endif
+ 
++#define USE_DEFAULT_TLS_VERSION ((long unsigned)-2) /* Use defaults in OpenSSL
++ crypto policies */
++
+ #endif /* defined PROTOTYPES_H */
+ 
+ /* end of prototypes.h */
+--- stunnel-5.56/src/options.c.default-tls-version 2020-04-06 11:14:41.993334510 +0200
++++ stunnel-5.56/src/options.c 2020-04-06 11:22:37.393391977 +0200
+@@ -3142,7 +3142,10 @@ NOEXPORT char *parse_service_option(CMD
+ /* sslVersionMax */
+ switch(cmd) {
+ case CMD_SET_DEFAULTS:
+- section->max_proto_version=0; /* highest supported */
++ section->max_proto_version=USE_DEFAULT_TLS_VERSION; /* use defaults in
++ OpenSSL crypto
++ policies.Do not
++ override it */
+ break;
+ case CMD_SET_COPY:
+ section->max_proto_version=new_service_options.max_proto_version;
+@@ -3173,7 +3176,10 @@ NOEXPORT char *parse_service_option(CMD
+ /* sslVersionMin */
+ switch(cmd) {
+ case CMD_SET_DEFAULTS:
+- section->min_proto_version=TLS1_VERSION;
++ section->min_proto_version=USE_DEFAULT_TLS_VERSION; /* use defaults in
++ OpenSSL crypto
++ policies. Do not
++ override it */
+ break;
+ case CMD_SET_COPY:
+ section->min_proto_version=new_service_options.min_proto_version;
+--- stunnel-5.56/src/ctx.c.default-tls-version 2019-10-24 10:48:11.000000000 +0200
++++ stunnel-5.56/src/ctx.c 2020-04-06 11:16:48.406406794 +0200
+@@ -143,17 +143,29 @@ int context_init(SERVICE_OPTIONS *sectio
+ section->ctx=SSL_CTX_new(TLS_client_method());
+ else /* server mode */
+ section->ctx=SSL_CTX_new(TLS_server_method());
+- if(!SSL_CTX_set_min_proto_version(section->ctx,
+- section->min_proto_version)) {
+- s_log(LOG_ERR, "Failed to set the minimum protocol version 0x%X",
+- section->min_proto_version);
+- return 1; /* FAILED */
++
++ if (section->min_proto_version == USE_DEFAULT_TLS_VERSION) {
++ s_log(LOG_INFO, "Using the default TLS version as specified in \
++ OpenSSL crypto policies. Not setting explicitly.");
++ } else {
++ if(!SSL_CTX_set_min_proto_version(section->ctx,
++ section->min_proto_version)) {
++ s_log(LOG_ERR, "Failed to set the minimum protocol version 0x%X",
++ section->min_proto_version);
++ return 1; /* FAILED */
++ }
+ }
+- if(!SSL_CTX_set_max_proto_version(section->ctx,
+- section->max_proto_version)) {
+- s_log(LOG_ERR, "Failed to set the maximum protocol version 0x%X",
+- section->max_proto_version);
+- return 1; /* FAILED */
++
++ if (section->max_proto_version == USE_DEFAULT_TLS_VERSION) {
++ s_log(LOG_INFO, "Using the default TLS version as specified in \
++ OpenSSL crypto policies. Not setting explicitly");
++ } else {
++ if(!SSL_CTX_set_max_proto_version(section->ctx,
++ section->max_proto_version)) {
++ s_log(LOG_ERR, "Failed to set the maximum protocol version 0x%X",
++ section->max_proto_version);
++ return 1; /* FAILED */
++ }
+ }
+ #else /* OPENSSL_VERSION_NUMBER<0x10100000L */
+ if(section->option.client)
diff --git a/stunnel.spec b/stunnel.spec
index fd65171..2283eb6 100644
--- a/stunnel.spec
+++ b/stunnel.spec
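Review bot: The two LOG_INFO messages added in ctx.c are written with a backslash-newline inside the string literal, so whatever indentation precedes `OpenSSL crypto policies` on the continuation line is embedded verbatim in the logged text, and the two copies also disagree on the trailing period and never say which bound was left to the policy. Use adjacent literals and name the bound, e.g. `s_log(LOG_INFO, "Minimum TLS version not set explicitly: " "using the OpenSSL crypto policy default");` in the min branch and the same with `Maximum` in the max branch, so an operator reading the log can tell which setting is policy-driven. The sentinel `((long unsigned)-2)` is compared against `section->min_proto_version`, which the existing `0x%X` format suggests is an `int`; that works only through the implicit int-to-unsigned-long conversion of -2 and will draw -Wsign-compare, so if the field really is `int` a negative `int` constant (or a separate "unset" flag) would be cleaner — confirm the field type in prototypes.h. Operationally this is a hardening in the common case, since the old defaults pinned the floor to `TLS1_VERSION` and reset the ceiling to 0 and thereby overrode a stricter MinProtocol/MaxProtocol from the system policy; an explicit sslVersionMin/sslVersionMax in stunnel.conf still overrides the policy, which the option documentation should state. context_init continues past the end of this hunk, and the hunk header promises 80 new lines while only 68 are visible here, so part of the patch may be missing from this view.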
@@ -10,7 +10,7 @@ Summary: A TLS-encrypting socket wrapper
 Name: stunnel
 Version: 5.56
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv2
 URL: http://www.stunnel.org/
 Source0: https://www.stunnel.org/downloads/stunnel-%{version}.tar.gz
@@ -25,6 +25,7 @@ Patch0: stunnel-5.50-authpriv.patch
 Patch1: stunnel-5.50-systemd-service.patch
 Patch3: stunnel-5.56-system-ciphers.patch
 Patch4: stunnel-5.56-coverity.patch
+Patch5: stunnel-5.56-default-tls-version.patch
 # util-linux is needed for rename
 BuildRequires: gcc
 BuildRequires: openssl-devel, pkgconfig, util-linux
@@ -51,6 +52,7 @@ conjunction with imapd to create a TLS secure IMAP server.
 %patch1 -p1 -b .systemd-service
 %patch3 -p1 -b .system-ciphers
 %patch4 -p1 -b .coverity
+%patch5 -p1 -b .default-tls-version
 # Fix the configure script output for FIPS mode and stack protector flag
 sed -i '/yes).*result: no/,+1{s/result: no/result: yes/;s/as_echo "no"/as_echo "yes"/};s/-fstack-protector/-fstack-protector-strong/' configure
@@ -136,6 +138,9 @@ make test || (for i in tests/logs/*.log ; do echo "$i": ; cat "$i" ; done)
 %systemd_postun_with_restart %{name}.service
 %changelog
+* Tue Apr 06 2020 Sahana Prasad - 5.56-4
+- Adds default tls version patch to comply with OpenSSL crypto policies
+
 * Tue Mar 31 2020 Sahana Prasad - 5.56-3
 - Adds coverity patch