--- /dev/null
+From 629baad8f89af261445a2ace03694601f8e476f9 Mon Sep 17 00:00:00 2001
+From: Steffan Karger <steffan@karger.me>
+Date: Fri, 13 May 2016 08:54:52 +0200
+Subject: [PATCH] Fix polarssl / mbedtls builds
+
+Commit 8a399cd3 hardened the OpenSSL default cipher list,
+but also introduced a change in shared code that causes
+polarssl / mbedtls builds to break when no --tls-cipher is
+specified.
+
+This fix is backported code from the master branch.
+
+Signed-off-by: Steffan Karger <steffan@karger.me>
+Acked-by: Gert Doering <gert@greenie.muc.de>
+Message-Id: <1463122492-701-1-git-send-email-steffan@karger.me>
+URL: http://article.gmane.org/gmane.network.openvpn.devel/11647
+Signed-off-by: Gert Doering <gert@greenie.muc.de>
+---
+ src/openvpn/ssl_polarssl.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/openvpn/ssl_polarssl.c b/src/openvpn/ssl_polarssl.c
+index 1f58369..9263698 100644
+--- a/src/openvpn/ssl_polarssl.c
++++ b/src/openvpn/ssl_polarssl.c
+@@ -176,7 +176,12 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
+ {
+ char *tmp_ciphers, *tmp_ciphers_orig, *token;
+ int i, cipher_count;
+- int ciphers_len = strlen (ciphers);
++ int ciphers_len;
++
++ if (NULL == ciphers)
++ return; /* Nothing to do */
++
++ ciphers_len = strlen (ciphers);
+
+ ASSERT (NULL != ctx);
+ ASSERT (0 != ciphers_len);
+--
+2.8.1
+