diff --git a/ruby-2.5.0-allow-3DES-cipher-suites-in-test_sslctx_set_params.patch b/ruby-2.5.0-allow-3DES-cipher-suites-in-test_sslctx_set_params.patch
new file mode 100644
index 0000000..9c3e375
--- /dev/null
+++ b/ruby-2.5.0-allow-3DES-cipher-suites-in-test_sslctx_set_params.patch
@@ -0,0 +1,26 @@
+From 261353a42d0dc0e7bf73e5a8fb8ecffd04249d42 Mon Sep 17 00:00:00 2001
+From: Kazuki Yamaguchi <k@rhe.jp>
+Date: Tue, 27 Jun 2017 14:31:09 +0900
+Subject: [PATCH] test/test_ssl: allow 3DES cipher suites in
+ test_sslctx_set_params
+
+Fedora's OpenSSL seems to enable 3DES cipher suites by DEFAULT.
+
+Fixes: https://github.com/ruby/openssl/issues/127
+---
+ test/test_ssl.rb | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/openssl/test_ssl.rb b/test/openssl/test_ssl.rb
+index 19066566..b3efe95a 100644
+--- a/test/openssl/test_ssl.rb
++++ b/test/openssl/test_ssl.rb
+@@ -350,7 +350,7 @@ def test_sslctx_set_params
+     assert_equal OpenSSL::SSL::VERIFY_PEER, ctx.verify_mode
+     ciphers_names = ctx.ciphers.collect{|v, _, _, _| v }
+     assert ciphers_names.all?{|v| /A(EC)?DH/ !~ v }, "anon ciphers are disabled"
+-    assert ciphers_names.all?{|v| /(RC4|MD5|EXP|DES)/ !~ v }, "weak ciphers are disabled"
++    assert ciphers_names.all?{|v| /(RC4|MD5|EXP|DES(?!-EDE|-CBC3))/ !~ v }, "weak ciphers are disabled"
+     assert_equal 0, ctx.options & OpenSSL::SSL::OP_DONT_INSERT_EMPTY_FRAGMENTS
+     if defined?(OpenSSL::SSL::OP_NO_COMPRESSION) # >= 1.0.0
+       assert_equal OpenSSL::SSL::OP_NO_COMPRESSION,
diff --git a/ruby.spec b/ruby.spec
index 82d5781..e4f716f 100644
--- a/ruby.spec
+++ b/ruby.spec
@@ -21,7 +21,7 @@
 %endif
 
 
-%global release 79
+%global release 80
 %{!?release_string:%global release_string %{?development_release:0.}%{release}%{?development_release:.%{development_release}}%{?dist}}
 
 # The RubyGems library has to stay out of Ruby directory three, since the
@@ -128,6 +128,10 @@ Patch7: ruby-2.2.3-Generate-preludes-using-miniruby.patch
 # hardening features of glibc (rhbz#1361037).
 # https://bugs.ruby-lang.org/issues/12666
 Patch9: ruby-2.3.1-Rely-on-ldd-to-detect-glibc.patch
+# Fix OpenSSL::TestSSL#test_sslctx_set_params failures due to recent changes in
+# OpenSSL.
+# https://github.com/ruby/openssl/issues/127
+Patch10: ruby-2.5.0-allow-3DES-cipher-suites-in-test_sslctx_set_params.patch
 
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 Suggests: rubypick
@@ -507,6 +511,7 @@ rm -rf ext/fiddle/libffi*
 %patch6 -p1
 %patch7 -p1
 %patch9 -p1
+%patch10 -p1
 
 # Provide an example of usage of the tapset:
 cp -a %{SOURCE3} .
@@ -1021,6 +1026,10 @@ make check TESTS="-v $DISABLE_TESTS"
 %{gem_dir}/specifications/xmlrpc-%{xmlrpc_version}.gemspec
 
 %changelog
+* Thu Jul 20 2017 Vít Ondruch <vondruch@redhat.com> - 2.4.1-80
+- OpenSSL 1.1.0f-3 disables some weak ciphers. Adjust the package to pass
+  the tests suite.
+
 * Mon Apr 03 2017 Vít Ondruch <vondruch@redhat.com> - 2.4.1-79
 - Update to Ruby 2.4.1.