diff --git a/daemon/contrib/src/gnutls/SHA512SUMS b/daemon/contrib/src/gnutls/SHA512SUMS
index d6b2d98fe4565cdf18a562009057b1432dd7f30e..e24f04bdf56dc785b12f8bf1566b5e868841a4d5 100644
--- a/daemon/contrib/src/gnutls/SHA512SUMS
+++ b/daemon/contrib/src/gnutls/SHA512SUMS
@@ -1 +1 @@
-3205fcfe3344f777f5c8d2162de2ac338cfdfabaa55d7b829e59160cfec434651f704a9bac355f5003d1841448c4b0303dc6e06a935801aa922504b297bdd093  gnutls-3.1.25.tar.xz
+275a13bb705539ae402269c9b67aa7f78bf57892f8b24727a2529de6024454fcbc4fd1ed9922120b33c30dad964a1f473f5222243b35eda7010538e7e3b61bef  gnutls-3.2.17.tar.xz
diff --git a/daemon/contrib/src/gnutls/downgrade-automake-requirement.patch b/daemon/contrib/src/gnutls/downgrade-automake-requirement.patch
deleted file mode 100644
index 62b156d98834898384667a2fed83f3eb1d6c0bc2..0000000000000000000000000000000000000000
--- a/daemon/contrib/src/gnutls/downgrade-automake-requirement.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- gnutls-3.1.14/configure.ac.orig	2013-09-17 18:17:09.840217108 +0200
-+++ gnutls-3.1.14/configure.ac	2013-09-17 18:19:36.609535012 +0200
-@@ -26,7 +26,7 @@
- AC_CONFIG_MACRO_DIR([m4])
- AC_CANONICAL_HOST
- 
--AM_INIT_AUTOMAKE([1.12.2 no-dist-gzip dist-xz dist-lzip -Wall -Wno-override])
-+AM_INIT_AUTOMAKE([1.11.1 no-dist-gzip dist-xz -Wall -Wno-override])
- m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
- AC_CONFIG_HEADERS([config.h])
- 
diff --git a/daemon/contrib/src/gnutls/gnutls-no-egd.patch b/daemon/contrib/src/gnutls/gnutls-no-egd.patch
index c0e3407570a641c479d38b1bd22c01473b4aebec..69eb22f83bfdffa54e229e18187b82a7c495b240 100644
--- a/daemon/contrib/src/gnutls/gnutls-no-egd.patch
+++ b/daemon/contrib/src/gnutls/gnutls-no-egd.patch
@@ -1,46 +1,6 @@
-diff -ru gnutls.orig/lib/nettle/rnd.c gnutls/lib/nettle/rnd.c
---- gnutls-3.1.10/lib/nettle/Makefile.am.orig	2013-03-25 14:41:50.265377296 +0100
-+++ gnutls-3.1.10/lib/nettle/Makefile.am	2013-03-25 14:50:17.436084975 +0100
-@@ -33,7 +33,7 @@
- 
- noinst_LTLIBRARIES = libcrypto.la
- 
--libcrypto_la_SOURCES = pk.c mpi.c mac.c cipher.c rnd.c init.c egd.c egd.h \
-+libcrypto_la_SOURCES = pk.c mpi.c mac.c cipher.c rnd.c init.c \
- 	multi.c wmnaf.c ecc_free.c ecc.h ecc_make_key.c ecc_shared_secret.c \
- 	ecc_map.c ecc_mulmod.c ecc_mulmod_cached.c \
- 	ecc_points.c ecc_projective_dbl_point_3.c ecc_projective_isneutral.c \
---- gnutls-3.1.10/lib/nettle/Makefile.in.orig	2013-03-25 14:41:50.268710655 +0100
-+++ gnutls-3.1.10/lib/nettle/Makefile.in	2013-03-25 14:51:42.180123726 +0100
-@@ -219,7 +219,7 @@
- LTLIBRARIES = $(noinst_LTLIBRARIES)
- libcrypto_la_LIBADD =
- am_libcrypto_la_OBJECTS = pk.lo mpi.lo mac.lo cipher.lo rnd.lo init.lo \
--	egd.lo multi.lo wmnaf.lo ecc_free.lo ecc_make_key.lo \
-+	multi.lo wmnaf.lo ecc_free.lo ecc_make_key.lo \
- 	ecc_shared_secret.lo ecc_map.lo ecc_mulmod.lo \
- 	ecc_mulmod_cached.lo ecc_points.lo \
- 	ecc_projective_dbl_point_3.lo ecc_projective_isneutral.lo \
-@@ -1536,7 +1536,7 @@
- 	-I$(srcdir)/../includes -I$(builddir)/../includes \
- 	-I$(builddir)/../../gl -I$(srcdir)/.. $(am__append_1)
- noinst_LTLIBRARIES = libcrypto.la
--libcrypto_la_SOURCES = pk.c mpi.c mac.c cipher.c rnd.c init.c egd.c egd.h \
-+libcrypto_la_SOURCES = pk.c mpi.c mac.c cipher.c rnd.c init.c \
- 	multi.c wmnaf.c ecc_free.c ecc.h ecc_make_key.c ecc_shared_secret.c \
- 	ecc_map.c ecc_mulmod.c ecc_mulmod_cached.c \
- 	ecc_points.c ecc_projective_dbl_point_3.c ecc_projective_isneutral.c \
-@@ -1610,7 +1610,6 @@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ecc_shared_secret.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ecc_sign_hash.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ecc_verify_hash.Plo@am__quote@
--@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/egd.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/init.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mac.Plo@am__quote@
- @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mpi.Plo@am__quote@
---- gnutls-3.1.10/lib/nettle/rnd.c.orig	2013-03-21 21:42:28.000000000 +0100
-+++ gnutls-3.1.10/lib/nettle/rnd.c	2013-03-25 14:52:50.004027534 +0100
-@@ -205,7 +205,7 @@
+--- gnutls-3.2.11/lib/nettle/rnd.c.orig	2014-08-26 02:08:42.243632503 +0200
++++ gnutls-3.2.11/lib/nettle/rnd.c	2014-08-26 02:08:41.123615625 +0200
+@@ -216,7 +216,7 @@
  #include <sys/time.h>
  #include <fcntl.h>
  #include <locks.h>
@@ -49,33 +9,48 @@ diff -ru gnutls.orig/lib/nettle/rnd.c gnutls/lib/nettle/rnd.c
  
  #define DEVICE_READ_SIZE 16
  #define DEVICE_READ_SIZE_MAX 32
-@@ -276,6 +276,7 @@
-   return 0;
+@@ -286,6 +286,7 @@
+ 	return 0;
  }
  
 +#if 0
- static int
- do_device_source_egd (int init)
+ static int do_device_source_egd(int init, struct event_st *event)
  {
-@@ -329,6 +330,7 @@
-     }
-   return 0;
+ 	unsigned int read_size = DEVICE_READ_SIZE;
+@@ -342,6 +343,7 @@
+ 	}
+ 	return 0;
  }
 +#endif
  
- static int
- do_device_source (int init)
-@@ -346,11 +348,13 @@
+ static int do_device_source(int init, struct event_st *event)
+ {
+@@ -357,10 +359,12 @@
  
-       do_source = do_device_source_urandom;
-       ret = do_source (init);
+ 		do_source = do_device_source_urandom;
+ 		ret = do_source(init, event);
 +#if 0
-       if (ret < 0)
-         {
-           do_source = do_device_source_egd;
-           ret = do_source (init);
-         }
+ 		if (ret < 0) {
+ 			do_source = do_device_source_egd;
+ 			ret = do_source(init, event);
+ 		}
++#endif
+ 
+ 		if (ret < 0) {
+ 			gnutls_assert();
+@@ -450,7 +454,6 @@
+ 		if (level == GNUTLS_RND_NONCE)
+ 			_rnd_get_event(&event);
+ 	}
+-#endif
+ 
+ 	/* update state only when having a non-nonce or if nonce
+ 	 * and nsecs%4096 == 0, i.e., one out of 4096 times called .
+@@ -494,6 +497,7 @@
+ 	RND_UNLOCK;
+ 	return;
+ }
 +#endif
  
-       if (ret < 0)
-         {
+ int crypto_rnd_prio = INT_MAX;
+ 
diff --git a/daemon/contrib/src/gnutls/gnutls-pkgconfig-osx.patch b/daemon/contrib/src/gnutls/gnutls-pkgconfig-osx.patch
index 37cbc670e82ab096380a63908679e75f106b32f4..82305ec0f886b88e30c57c8feff415f7c745aba8 100644
--- a/daemon/contrib/src/gnutls/gnutls-pkgconfig-osx.patch
+++ b/daemon/contrib/src/gnutls/gnutls-pkgconfig-osx.patch
@@ -28,16 +28,6 @@
    AC_SUBST([INTL_MACOSX_LIBS])
  ])
 
---- a/lib/gnutls.pc.in.orig	2014-06-25 17:42:26.000000000 -0400
-+++ b/lib/gnutls.pc.in	2014-06-25 17:42:35.000000000 -0400
-@@ -19,6 +19,6 @@
- Version: @VERSION@
- Libs: -L${libdir} -lgnutls
--Libs.private: @LTLIBNETTLE@ @LTLIBZ@ @LTLIBINTL@ @LIBSOCKET@ @LTLIBPTHREAD@ @LTLIBICONV@ @P11_KIT_LIBS@ @LIB_SELECT@ @TSS_LIBS@ @LIB_CLOCK_GETTIME@ @GMP_LIBS@
-+Libs.private: @LTLIBNETTLE@ @LTLIBZ@ @LTLIBINTL@ @LIBSOCKET@ @LTLIBPTHREAD@ @LTLIBICONV@ @P11_KIT_LIBS@ @LIB_SELECT@ @TSS_LIBS@ @LIB_CLOCK_GETTIME@ @GMP_LIBS@ @INTL_MACOSX_LIBS@
- @GNUTLS_REQUIRES_PRIVATE@
- Cflags: -I${includedir}
-
 --- a/libdane/gnutls-dane.pc.in.orig	2014-06-25 17:57:29.000000000 -0400
 +++ b/libdane/gnutls-dane.pc.in	2014-06-25 17:57:39.000000000 -0400
 @@ -19,7 +19,7 @@
@@ -49,3 +39,12 @@
  Libs.private: @UNBOUND_LIBS@
  Requires.private: gnutls
  Cflags: -I${includedir}
+--- gnutls-3.2.17/lib/gnutls.pc.in.orig	2014-09-02 02:11:18.408515190 +0200
++++ gnutls-3.2.17/lib/gnutls.pc.in	2014-09-02 02:11:45.615686000 +0200
+@@ -20,5 +20,5 @@
+ Version: @VERSION@
+ Libs: -L${libdir} -lgnutls
+ Libs.private: @LTLIBZ@ @LTLIBINTL@ @LIBSOCKET@ @LTLIBPTHREAD@ @LTLIBICONV@ @P11_KIT_LIBS@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@
+-@GNUTLS_REQUIRES_PRIVATE@
++@GNUTLS_REQUIRES_PRIVATE@ @INTL_MACOSX_LIBS@
+ Cflags: -I${includedir}
diff --git a/daemon/contrib/src/gnutls/gnutls-win32.patch b/daemon/contrib/src/gnutls/gnutls-win32.patch
index c0c540ab4322d7c5e26a91b70bd3c09cf99bb9d2..f0c05d33cc19d25fff93d29e91386891a79b6a33 100644
--- a/daemon/contrib/src/gnutls/gnutls-win32.patch
+++ b/daemon/contrib/src/gnutls/gnutls-win32.patch
@@ -15,14 +15,13 @@
  # endif
 +#endif
  #endif /* !HAVE_DECL_GAI_STRERROR */
---- gnutls-3.1.14/lib/gnutls.pc.in.orig	2013-09-17 18:14:16.270374773 +0200
-+++ gnutls-3.1.14/lib/gnutls.pc.in	2013-09-17 18:16:10.232464936 +0200
-@@ -18,7 +18,7 @@
- Description: Transport Security Layer implementation for the GNU system
+--- gnutls-3.2.17/lib/gnutls.pc.in.orig	2014-08-30 06:48:22.371307704 +0200
++++ gnutls-3.2.17/lib/gnutls.pc.in	2014-08-30 06:48:40.504956268 +0200
+@@ -19,6 +19,6 @@
  URL: http://www.gnutls.org/
  Version: @VERSION@
--Libs: -L${libdir} -lgnutls
-+Libs: -L${libdir} -lgnutls -lws2_32 -lcrypt32 @LTLIBINTL@
- Libs.private: @LTLIBNETTLE@ @LTLIBZ@ @LTLIBINTL@ @LIBSOCKET@ @LTLIBPTHREAD@ @LTLIBICONV@ @P11_KIT_LIBS@ @LIB_SELECT@ @TSS_LIBS@ @LIB_CLOCK_GETTIME@ @GMP_LIBS@
+ Libs: -L${libdir} -lgnutls
+-Libs.private: @LTLIBZ@ @LTLIBINTL@ @LIBSOCKET@ @LTLIBPTHREAD@ @LTLIBICONV@ @P11_KIT_LIBS@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@
++Libs.private: @LTLIBZ@ @LTLIBINTL@ @LIBSOCKET@ -lcrypt32 @LTLIBPTHREAD@ @LTLIBICONV@ @P11_KIT_LIBS@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@
  @GNUTLS_REQUIRES_PRIVATE@
  Cflags: -I${includedir}
diff --git a/daemon/contrib/src/gnutls/rules.mak b/daemon/contrib/src/gnutls/rules.mak
index 520b68dea5fa599fa319d3e397abb4a7190d1403..6cafdb611a3dbbb6a50b01a15aa6696bedba4c1f 100644
--- a/daemon/contrib/src/gnutls/rules.mak
+++ b/daemon/contrib/src/gnutls/rules.mak
@@ -1,10 +1,14 @@
 # GnuTLS
 
-GNUTLS_VERSION := 3.1.25
-GNUTLS_URL := ftp://ftp.gnutls.org/gcrypt/gnutls/v3.1/gnutls-$(GNUTLS_VERSION).tar.xz
+GNUTLS_VERSION := 3.2.17
+GNUTLS_URL := ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/gnutls-$(GNUTLS_VERSION).tar.xz
 
+ifdef BUILD_NETWORK
+ifndef HAVE_DARWIN_OS
 PKGS += gnutls
-ifeq ($(call need_pkg,"gnutls >= 3.0.20"),)
+endif
+endif
+ifeq ($(call need_pkg,"gnutls >= 3.2.0"),)
 PKGS_FOUND += gnutls
 endif
 
@@ -20,14 +24,13 @@ ifdef HAVE_WIN32
 endif
 ifdef HAVE_ANDROID
 	$(APPLY) $(SRC)/gnutls/no-create-time-h.patch
-endif
-ifdef HAVE_MACOSX
-	$(APPLY) $(SRC)/gnutls/gnutls-pkgconfig-osx.patch
 endif
 	$(APPLY) $(SRC)/gnutls/gnutls-no-egd.patch
 	$(APPLY) $(SRC)/gnutls/read-file-limits.h.patch
-	$(APPLY) $(SRC)/gnutls/downgrade-automake-requirement.patch
 	$(APPLY) $(SRC)/gnutls/mac-keychain-lookup.patch
+ifdef HAVE_MACOSX
+	$(APPLY) $(SRC)/gnutls/gnutls-pkgconfig-osx.patch
+endif
 	$(call pkg_static,"lib/gnutls.pc.in")
 	$(UPDATE_AUTOCONFIG)
 	$(MOVE)
@@ -38,7 +41,7 @@ GNUTLS_CONF := \
 	--disable-cxx \
 	--disable-srp-authentication \
 	--disable-psk-authentication-FIXME \
-	--with-included-libtasn1 \
+	--disable-anon-authentication \
 	--disable-openpgp-authentication \
 	--disable-openssl-compatibility \
 	--disable-guile \