diff --git a/vsftpd-use-system-wide-crypto-policy.patch b/vsftpd-use-system-wide-crypto-policy.patch
new file mode 100644
index 0000000..2c22aba
--- /dev/null
+++ b/vsftpd-use-system-wide-crypto-policy.patch
@@ -0,0 +1,30 @@
+Index: vsftpd-3.0.5/tunables.c
+===================================================================
+--- vsftpd-3.0.5.orig/tunables.c
++++ vsftpd-3.0.5/tunables.c
+@@ -295,7 +295,7 @@ tunables_load_defaults()
+ install_str_setting("/usr/share/ssl/certs/vsftpd.pem",
+ &tunable_rsa_cert_file);
+ install_str_setting(0, &tunable_dsa_cert_file);
+- install_str_setting("DEFAULT_SUSE", &tunable_ssl_ciphers);
++ install_str_setting("PROFILE=SYSTEM", &tunable_ssl_ciphers);
+ install_str_setting(0, &tunable_rsa_private_key_file);
+ install_str_setting(0, &tunable_dsa_private_key_file);
+ install_str_setting(0, &tunable_ca_certs_file);
+Index: vsftpd-3.0.5/vsftpd.conf.5
+===================================================================
+--- vsftpd-3.0.5.orig/vsftpd.conf.5
++++ vsftpd-3.0.5/vsftpd.conf.5
+@@ -1024,7 +1024,11 @@ man page for further details. Note that
+ security precaution as it prevents malicious remote parties forcing a cipher
+ which they have found problems with.
+
+-Default: DEFAULT_SUSE
++By default, the system-wide crypto policy is used. See
++.BR update-crypto-policies(8)
++for further details.
++
++Default: PROFILE=SYSTEM
+ .TP
+ .B ssl_sni_hostname
+ If set, SSL connections will be rejected unless the SNI hostname in the
diff --git a/vsftpd.changes b/vsftpd.changes
index af42de6..681548a 100644
--- a/vsftpd.changes
+++ b/vsftpd.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Sep 26 09:20:33 UTC 2023 - Pedro Monreal
+
+- Enable crypto-policies support: [bsc#1211301]
+ * Add vsftpd-use-system-wide-crypto-policy.patch
+
 -------------------------------------------------------------------
 Fri Aug 25 15:06:06 UTC 2023 - Thorsten Kukuk
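Review bot: The sentence added to vsftpd.conf.5 says the system-wide crypto policy "is used", which is broader than what the tunables.c part of the new patch does: it only swaps the default string of `ssl_ciphers`. An administrator who sets `ssl_ciphers` explicitly opts out of the policy, and nothing visible here ties vsftpd's protocol-version options to it. I would word the man page as `By default, the cipher list is taken from the system-wide crypto policy; setting this option overrides it.` I would also add a comment above the changed call, `/* PROFILE=SYSTEM defers cipher selection to crypto-policies; needs an OpenSSL built with that support */`. tunables_load_defaults() starts and ends outside the embedded hunk, so the remaining defaults are not visible.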
diff --git a/vsftpd.spec b/vsftpd.spec
index 7de6a4f..8f5db05 100644
--- a/vsftpd.spec
+++ b/vsftpd.spec
@@ -98,6 +98,8 @@ Patch43: vsftpd-allow-dev-log-socket.patch
 Patch44: vsftpd-enable-sendto-for-prelogin-syslog.patch
 Patch45: disable-tls13-to-support-older-openssl-versions.patch
 Patch46: 0001-Fix-default-value-of-strict_ssl_read_eof-in-man-page.patch
+#PATCH-FIX-OPENSUSE bsc#1211301 Enable crypto-policies support
+Patch47: vsftpd-use-system-wide-crypto-policy.patch
 BuildRequires: libcap-devel
 %if 0%{?suse_version} == 1315
 BuildRequires: libopenssl-1_1-devel >= 1.1.1
@@ -185,6 +187,7 @@ tests.
 %patch45 -p1
 %endif
 %patch46 -p1
+%patch47 -p1
 %build
 %define seccomp_opts -D_GNU_SOURCE -DUSE_SECCOMP
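Review bot: `%patch47 -p1` in the second hunk is applied unconditionally, after the `%endif` that closes the block around `%patch45`, while the first hunk still shows a `%if 0%{?suse_version} == 1315` branch building against `libopenssl-1_1-devel`. `PROFILE=SYSTEM` is not an upstream OpenSSL cipher-string keyword; only OpenSSL builds carrying the crypto-policies patch understand it. On a target whose OpenSSL lacks that patch, the new default would presumably be rejected when the cipher list is set, so TLS setup would fail rather than fall back. If such targets are still built, guard the patch, e.g. `%if 0%{?suse_version} >= <FIRST_RELEASE_WITH_CRYPTO_POLICIES>` around `%patch47 -p1` (placeholder value). Both hunks cut through the spec's conditionals, so the full set of build targets is not visible from here.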