diff --git a/contrib/src/gnutls/SHA512SUMS b/contrib/src/gnutls/SHA512SUMS
index 5c136299a095e551b9ffa6d46b6a8c2a103b4ac5..7292832e420461d9fb27bbd53933cf07d767ef9e 100644
--- a/contrib/src/gnutls/SHA512SUMS
+++ b/contrib/src/gnutls/SHA512SUMS
@@ -1 +1 @@
-e5cd60240ebbcac9d8f7c28fdbf023a499e3c58a352a43c24d075b248a0a903161b1745641bf263519293c0014424cc23dbb67274c8934aaf273a523ad0a2925  gnutls-3.4.10.tar.xz
+d75f6b4dea2dc742cd7f60ee0ee540d41b69991aaa937ca0138cfdf4a1e0dfaaa3863464303bfa5799e14ee02de252f71c59a7a9e57b96ff8af653e419edfd4e  gnutls-3.4.14.tar.xz
diff --git a/contrib/src/gnutls/dtls-packet-reordering.patch b/contrib/src/gnutls/dtls-packet-reordering.patch
deleted file mode 100644
index 24a474aa686650c1ca8e7c8e64e7d8fc8ab023ef..0000000000000000000000000000000000000000
--- a/contrib/src/gnutls/dtls-packet-reordering.patch
+++ /dev/null
@@ -1,5 +0,0 @@
---- a/lib/gnutls_buffers.c
-+++ b/lib/gnutls_buffers.c
-@@ -1033 +1033 @@
--		    && hsk->end_offset >=
-+		    && hsk->end_offset + 1 >=
diff --git a/contrib/src/gnutls/format-security.patch b/contrib/src/gnutls/format-security.patch
deleted file mode 100644
index b0b4f322d0056110c0e5cb99aff80e4d23a28392..0000000000000000000000000000000000000000
--- a/contrib/src/gnutls/format-security.patch
+++ /dev/null
@@ -1,6 +0,0 @@
-diff -rU0 gnutls-old/lib/x509/ocsp_output.c gnutls/lib/x509/ocsp_output.c
---- gnutls-old/lib/x509/ocsp_output.c
-+++ gnutls/lib/x509/ocsp_output.c
-@@ -289 +289 @@
--					addf(str, _("\tResponder Key ID: "));
-+					adds(str, _("\tResponder Key ID: "));
diff --git a/contrib/src/gnutls/rules.mak b/contrib/src/gnutls/rules.mak
index 58fbd7586f9901e763a56f5f1d77aebcdaa49d25..e7c2280069f2b9cc982c4a0ff63c5874ea87cde1 100644
--- a/contrib/src/gnutls/rules.mak
+++ b/contrib/src/gnutls/rules.mak
@@ -1,11 +1,10 @@
 # GnuTLS
 
-GNUTLS_VERSION := 3.4.10
+GNUTLS_VERSION := 3.4.14
 GNUTLS_URL := ftp://ftp.gnutls.org/gcrypt/gnutls/v3.4/gnutls-$(GNUTLS_VERSION).tar.xz
 
 PKGS += gnutls
-# We need at least the 3.4.10, but DTLS handshake re-ordered packet fix is only available since 3.4.14
-# So we patch the 3.4.10 until official release of 3.4.14
+
 ifeq ($(call need_pkg,"gnutls >= 3.4.14"),)
 PKGS_FOUND += gnutls
 endif
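Review bot: `GNUTLS_URL` on the unchanged context line still fetches the tarball over plain `ftp://`, so the single line in `SHA512SUMS` is the only thing authenticating the new 3.4.14 archive. Nothing visible in this commit records how that hash was obtained; if it was computed from a copy downloaded over the same FTP link, the check adds no protection against a tampered download. I would verify the digest against upstream's signed release and say so next to the URL, e.g. `# Fetched over unauthenticated FTP: SHA512SUMS is the only integrity check, verify new hashes against the upstream signature`. If upstream offers an HTTPS mirror, switching `GNUTLS_URL` to it would be a further improvement.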
@@ -33,8 +32,6 @@ endif
 ifndef HAVE_IOS
 	$(APPLY) $(SRC)/gnutls/mac-keychain-lookup.patch
 endif
-	$(APPLY) $(SRC)/gnutls/format-security.patch
-	$(APPLY) $(SRC)/gnutls/dtls-packet-reordering.patch
 	$(call pkg_static,"lib/gnutls.pc.in")
 	$(UPDATE_AUTOCONFIG)
 	$(MOVE)
@@ -52,6 +49,7 @@ GNUTLS_CONF := \
 	--disable-nls \
 	--disable-dtls-srtp-support \
 	--without-libintl-prefix \
+	--disable-non-suiteb-curves \
 	$(HOSTCONF)
 
 ifdef HAVE_ANDROID
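Review bot: `--disable-non-suiteb-curves` changes which elliptic curves the contrib-built GnuTLS will negotiate, but nothing in the file says why, and the explanatory comment this commit removes is not replaced. A comment cannot sit inside the backslash-continued assignment, so it belongs above `GNUTLS_CONF := \`, which starts outside this hunk; something like `# Only build the Suite B curves: <reason, e.g. the nettle/hogweed constraint or policy this depends on>`. Note also that the `need_pkg,"gnutls >= 3.4.14"` check in the first hunk accepts a system GnuTLS that was presumably built with all curves, so if the restriction is a requirement rather than a size optimisation, the two paths will behave differently.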
diff --git a/contrib/src/nettle/rules.mak b/contrib/src/nettle/rules.mak
index 888570e3a5d27badb52374cf5c6154790c6b0571..6db034f71503704dfb4617600d6f16763d334ed1 100644
--- a/contrib/src/nettle/rules.mak
+++ b/contrib/src/nettle/rules.mak
@@ -5,12 +5,9 @@ NETTLE_URL := $(GNU)/nettle/nettle-$(NETTLE_VERSION).tar.gz
 
 PKGS += nettle
 
-# TEMPORARY DISABLED
-# Force nettle contrib until gnutls major patches are upstream and released
-# See gnutls rules.mak for more information
-#ifeq ($(call need_pkg,"nettle >= 3.1"),)
-#PKGS_FOUND += nettle
-#endif
+ifeq ($(call need_pkg,"nettle >= 3.1"),)
+PKGS_FOUND += nettle
+endif
 
 $(TARBALLS)/nettle-$(NETTLE_VERSION).tar.gz:
 	$(call download,$(NETTLE_URL))
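Review bot: The restored check accepts any system nettle from 3.1 upward, so a distro package that may be much older than the contrib's pinned `NETTLE_VERSION` (defined above this hunk) can now supply the crypto primitives GnuTLS links against. The floor of 3.1 looks like the minimum GnuTLS will build with rather than a release chosen for its fixes; that is worth confirming against nettle's NEWS. If the intent is "at least as new as what contrib ships", the condition could be `ifeq ($(call need_pkg,"nettle >= $(NETTLE_VERSION)"),)`. Otherwise, a one-line comment stating why 3.1 is sufficient would replace the rationale that the removed "TEMPORARY DISABLED" block carried.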