SSL_DEFAULT_CIPHER_LIST vs PROFILE=DEFAULT vs no set_cipher_list()

https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/... says that I need to patch application (if it does not have config file) to use "PROFILE=SYSTEM" as the argument to the cipher list. However, when I was looking into the library which uses this function (rust-openssl), I found following piece of code: /// Creates a new builder for TLS connections. /// /// The default configuration is subject to change, and is currently derived from Python. pub fn builder(method: SslMethod) -> Result<SslConnectorBuilder, ErrorStack> { let mut ctx = ctx(method)?; ctx.set_default_verify_paths()?; ctx.set_cipher_list( "DEFAULT:!aNULL:!eNULL:!MD5:!3DES:!DES:!RC4:!IDEA:!SEED:!aDSS:!SRP:!PSK", )?; setup_verify(&mut ctx); Ok(SslConnectorBuilder(ctx)) } https://github.com/sfackler/rust-openssl/blob/9ba802ad437447ac71f99d89653... Then I looked at CPython and found that it does this: /* Ignored in SSLContext constructor, only used to as _ssl.DEFAULT_CIPHER_STRING */ #define PY_SSL_DEFAULT_CIPHER_STRING SSL_DEFAULT_CIPHER_LIST And then it just ignores call to SSL_CTX_set_cipher_list(). So my question would be: Should I patch rust-openssl to use PROFILE=DEFAULT or I should just remove that call entirely? It is not very clear to me from the guidelines. Also since I want to get this upstream, which option is more portable?