diff --git a/csync2.changes b/csync2.changes index a9cc0ea..b85db96 100644 --- a/csync2.changes +++ b/csync2.changes @@ -15,6 +15,13 @@ Wed Apr 7 09:58:51 UTC 2021 - Peter Varkoly * 0002-Patch-sonames.patch * 0001-Add-COPYING-as-docfile.patch +------------------------------------------------------------------- +Wed Nov 20 14:00:30 UTC 2019 - Peter Varkoly + +- VUL-1: csync2: bad TLS key generation on installation (bsc#1145032) + Adapt suggested changes in %post section. + Do not hide output on standard error during generating the keys. + ------------------------------------------------------------------- Mon May 27 08:13:02 UTC 2019 - Kristoffer Gronlund diff --git a/csync2.spec b/csync2.spec index 3fa146c..e17bca3 100644 --- a/csync2.spec +++ b/csync2.spec 
@@ -73,26 +73,34 @@ touch %{buildroot}%{_sysconfdir}/csync2/csync2_ssl_cert.pem %pre %service_add_pre csync2.socket +%service_add_pre csync2@.service %post %service_add_post csync2.socket +%service_add_post csync2@.service umask 077 if [ ! -f %{_sysconfdir}/csync2/csync2_ssl_key.pem ]; then - %{_bindir}/openssl genrsa -out %{_sysconfdir}/csync2/csync2_ssl_key.pem 1024 + %{_bindir}/openssl ecparam -genkey -name secp384r1 -out %{_sysconfdir}/csync2/csync2_ssl_key.pem fi FQDN=`hostname` if [ "x${FQDN}" = "x" ]; then FQDN=localhost.localdomain fi if [ ! -f %{_sysconfdir}/csync2/csync2_ssl_cert.pem ]; then - yes '' | %{_bindir}/openssl req -new -key %{_sysconfdir}/csync2/csync2_ssl_key.pem -out %{_sysconfdir}/csync2/csync2_ssl_cert.csr - %{_bindir}/openssl x509 -req -days 3000 -in %{_sysconfdir}/csync2/csync2_ssl_cert.csr -signkey %{_sysconfdir}/csync2/csync2_ssl_key.pem \ - -out %{_sysconfdir}/csync2/csync2_ssl_cert.pem - rm %{_sysconfdir}/csync2/csync2_ssl_cert.csr +cat << EOF | %{_bindir}/openssl req -new -key %{_sysconfdir}/csync2/csync2_ssl_key.pem -x509 -days 3000 -out %{_sysconfdir}/csync2/csync2_ssl_cert.pem +-- +SomeState +SomeCity +SomeOrganization +SomeOrganization +SomeName +name@example.com +EOF fi %preun %service_del_preun csync2.socket +%service_del_preun csync2@.service # Cleanup all databases upon last removal if [ $1 -eq 0 ]; then rm -f %{_localstatedir}/lib/csync2/* @@ -100,6 +108,7 @@ fi %postun %service_del_postun csync2.socket +%service_del_postun csync2@.service %files %{_sbindir}/csync2
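Review bot: Hosts that already installed the package keep their 1024-bit RSA key, because the `if [ ! -f %{_sysconfdir}/csync2/csync2_ssl_key.pem ]` guard in %post skips generation whenever a key file exists, so the switch to secp384r1 only reaches fresh installs. Silently replacing the key on upgrade would likely break peers that still hold the old certificate, so a warning on stderr from %post when the existing key is short RSA, plus a changelog line telling admins to regenerate and redistribute keys, looks like the safer fix. Separately, the answers piped into `openssl req` depend on the prompt order of the system openssl.cnf, and `FQDN` is computed but never used in the visible lines; `-subj "/CN=${FQDN}"` would make the request non-interactive and give each host a distinct subject. Neither openssl call is checked for failure, so a failed run may leave an empty file that the `-f` tests treat as an existing key or certificate on the next install.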