diff --git a/.gitignore b/.gitignore
index 28bf8cc..aedb544 100644
--- a/.gitignore
+++ b/.gitignore
@@ -139,3 +139,4 @@ gnutls-2.10.1-nosrp.tar.bz2
 /gnutls-3.7.4.tar.xz
 /gnutls-3.7.5.tar.xz
 /gnutls-3.7.6.tar.xz
+/gnutls-3.7.7.tar.xz
diff --git a/README.packit b/README.packit
index c242324..2c8f8d9 100644
--- a/README.packit
+++ b/README.packit
@@ -1,3 +1,3 @@
 This repository is maintained by packit.
 https://packit.dev/
-The file was generated using packit 0.51.0.
+The file was generated using packit 0.55.0.
diff --git a/gnutls-3.7.6-ktls-disabled-by-default.patch b/gnutls-3.7.6-ktls-disabled-by-default.patch
deleted file mode 100644
index 76728dc..0000000
--- a/gnutls-3.7.6-ktls-disabled-by-default.patch
+++ /dev/null
@@ -1,124 +0,0 @@
-From f41151c8a218f255af08362b74cd6ee0dfd45c00 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Franti=C5=A1ek=20Kren=C5=BEelok?=
- <krenzelok.frantisek@gmail.com>
-Date: Tue, 14 Jun 2022 16:16:11 +0200
-Subject: [PATCH] KTLS: disable by default enable by config
-
-KTLS will be disabled by default when build with `--enable-ktls` to
-enable it, use config file option `ktls = true` in [global] section.
-
-Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@gmail.com>
----
- doc/cha-config.texi | 18 ++++++++----------
- lib/gnutls_int.h    |  2 +-
- lib/handshake.c     |  2 +-
- lib/priority.c      | 12 ++++++------
- 4 files changed, 16 insertions(+), 18 deletions(-)
-
-diff --git a/doc/cha-config.texi b/doc/cha-config.texi
-index e550f2e4b1..eaab7fd799 100644
---- a/doc/cha-config.texi
-+++ b/doc/cha-config.texi
-@@ -26,7 +26,7 @@ used can be queried using @funcref{gnutls_get_system_config_file}.
- * Querying for disabled algorithms and protocols::
- * Overriding the parameter verification profile::
- * Overriding the default priority string::
--* Disabling system/acceleration protocols::
-+* Enabling/Disabling system/acceleration protocols::
- @end menu
- 
- @node Application-specific priority strings
-@@ -253,16 +253,14 @@ default-priority-string = SECURE128:-VERS-TLS-ALL:+VERS-TLS1.3
- @end example
- 
- 
--@node Disabling system/acceleration protocols
--@section Disabling system/acceleration protocols
--When system/acceleration protocol is enabled during build, it is usually
--enabled by default. The following options can overwrite this behavior
--system-wide.
-+@node Enabling/Disabling system/acceleration protocols
-+@section Enabling/Disabling system/acceleration protocols
-+The following options can overwrite default behavior of protocols system-wide.
- @example
- [global]
--ktls = false
-+ktls = true
- 
- @end example
--@subsection Disabling KTLS
--When GnuTLS is build with -–enable-ktls configuration, it uses KTLS by default.
--This can be overwritten by setting @code{ktls = false} in @code{[global]} section.
-+@subsection Enabling KTLS
-+When GnuTLS is build with -–enable-ktls configuration, KTLS is disabled by default.
-+This can be enabled by setting @code{ktls = true} in @code{[global]} section.
-diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
-index 872188696b..8c7bdaa1db 100644
---- a/lib/gnutls_int.h
-+++ b/lib/gnutls_int.h
-@@ -1649,6 +1649,6 @@ get_certificate_type(gnutls_session_t session,
- 
- extern unsigned int _gnutls_global_version;
- 
--bool _gnutls_config_is_ktls_disabled(void);
-+bool _gnutls_config_is_ktls_enabled(void);
- 
- #endif /* GNUTLS_LIB_GNUTLS_INT_H */
-diff --git a/lib/handshake.c b/lib/handshake.c
-index f3edbbdacb..4dd457bf22 100644
---- a/lib/handshake.c
-+++ b/lib/handshake.c
-@@ -2815,7 +2815,7 @@ int gnutls_handshake(gnutls_session_t session)
- 
- 	session->internals.ktls_enabled = 0;
- #ifdef ENABLE_KTLS
--	if (_gnutls_config_is_ktls_disabled() == false)
-+	if (_gnutls_config_is_ktls_enabled() == true)
- 		_gnutls_ktls_enable(session);
- #endif
- 
-diff --git a/lib/priority.c b/lib/priority.c
-index 7279c03c88..d163d8169f 100644
---- a/lib/priority.c
-+++ b/lib/priority.c
-@@ -1027,7 +1027,7 @@ static void dummy_func(gnutls_priority_t c)
- 
- struct cfg {
- 	bool allowlisting;
--	bool ktls_disabled;
-+	bool ktls_enabled;
- 
- 	name_val_array_t priority_strings;
- 	char *priority_string;
-@@ -1140,7 +1140,7 @@ cfg_steal(struct cfg *dst, struct cfg *src)
- 	src->default_priority_string = NULL;
- 
- 	dst->allowlisting = src->allowlisting;
--	dst->ktls_disabled = src->ktls_disabled;
-+	dst->ktls_enabled = src->ktls_enabled;
- 	memcpy(dst->ciphers, src->ciphers, sizeof(src->ciphers));
- 	memcpy(dst->macs, src->macs, sizeof(src->macs));
- 	memcpy(dst->groups, src->groups, sizeof(src->groups));
-@@ -1268,8 +1268,8 @@ static int global_ini_handler(void *ctx, const char *section, const char *name,
- 			}
- 		} else if (c_strcasecmp(name, "ktls") == 0) {
- 			p = clear_spaces(value, str);
--			if (c_strcasecmp(p, "false") == 0) {
--				cfg->ktls_disabled = true;
-+			if (c_strcasecmp(p, "true") == 0) {
-+				cfg->ktls_enabled = true;
- 			} else {
- 				_gnutls_debug_log("cfg: unknown ktls mode %s\n",
- 					p);
-@@ -3490,6 +3490,6 @@ gnutls_priority_string_list(unsigned iter, unsigned int flags)
- 	return NULL;
- }
- 
--bool _gnutls_config_is_ktls_disabled(void){
--	return system_wide_config.ktls_disabled;
-+bool _gnutls_config_is_ktls_enabled(void){
-+	return system_wide_config.ktls_enabled;
- }
--- 
-2.37.1
-
diff --git a/gnutls-3.7.6-ktls-minor-fixes.patch b/gnutls-3.7.6-ktls-minor-fixes.patch
deleted file mode 100644
index a4f5716..0000000
--- a/gnutls-3.7.6-ktls-minor-fixes.patch
+++ /dev/null
@@ -1,230 +0,0 @@
-From 7b700dbcd5907944a7dd2f74cd26ad8586cd4bac Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <ueno@gnu.org>
-Date: Tue, 28 Jun 2022 09:37:22 +0900
-Subject: [PATCH 1/3] tests: enable KTLS config while running gnutls_ktls test
-
-Signed-off-by: Daiki Ueno <ueno@gnu.org>
----
- tests/Makefile.am   |  9 +++++----
- tests/gnutls_ktls.c |  4 ++--
- tests/ktls.sh       | 46 +++++++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 53 insertions(+), 6 deletions(-)
- create mode 100755 tests/ktls.sh
-
-diff --git a/tests/Makefile.am b/tests/Makefile.am
-index 4deeb6462b..cba67e8db8 100644
---- a/tests/Makefile.am
-+++ b/tests/Makefile.am
-@@ -441,10 +441,6 @@ ctests += x509self x509dn anonself pskself pskself2 dhepskself	\
- 	resume-with-record-size-limit
- endif
- 
--if ENABLE_KTLS
--ctests += gnutls_ktls
--endif
--
- ctests += record-sendfile
- 
- gc_CPPFLAGS = $(AM_CPPFLAGS) \
-@@ -500,6 +496,11 @@ if ENABLE_TPM2
- dist_check_SCRIPTS += tpm2.sh
- endif
- 
-+if ENABLE_KTLS
-+indirect_tests += gnutls_ktls
-+dist_check_SCRIPTS += ktls.sh
-+endif
-+
- if !WINDOWS
- 
- #
-diff --git a/tests/gnutls_ktls.c b/tests/gnutls_ktls.c
-index 3966e2b10a..8f9c5fa36e 100644
---- a/tests/gnutls_ktls.c
-+++ b/tests/gnutls_ktls.c
-@@ -84,7 +84,7 @@ static void client(int fd, const char *prio)
- 
- 	ret = gnutls_transport_is_ktls_enabled(session);
- 	if (!(ret & GNUTLS_KTLS_RECV)){
--		fail("client: KTLS was not properly inicialized\n");
-+		fail("client: KTLS was not properly initialized\n");
- 		goto end;
- 	}
- 
-@@ -208,7 +208,7 @@ static void server(int fd, const char *prio)
- 
- 	ret = gnutls_transport_is_ktls_enabled(session);
- 	if (!(ret & GNUTLS_KTLS_SEND)){
--		fail("server: KTLS was not properly inicialized\n");
-+		fail("server: KTLS was not properly initialized\n");
- 		goto end;
- 	}
- 	do {
-diff --git a/tests/ktls.sh b/tests/ktls.sh
-new file mode 100755
-index 0000000000..ba52bd5775
---- /dev/null
-+++ b/tests/ktls.sh
-@@ -0,0 +1,46 @@
-+#!/bin/sh
-+
-+# Copyright (C) 2022 Red Hat, Inc.
-+#
-+# Author: Daiki Ueno
-+#
-+# This file is part of GnuTLS.
-+#
-+# GnuTLS is free software; you can redistribute it and/or modify it
-+# under the terms of the GNU General Public License as published by the
-+# Free Software Foundation; either version 3 of the License, or (at
-+# your option) any later version.
-+#
-+# GnuTLS is distributed in the hope that it will be useful, but
-+# WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-+# General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with GnuTLS; if not, write to the Free Software Foundation,
-+# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
-+
-+: ${builddir=.}
-+
-+. "$srcdir/scripts/common.sh"
-+
-+if ! grep '^tls ' /proc/modules 2>1 >& /dev/null; then
-+    exit 77
-+fi
-+
-+testdir=`create_testdir ktls`
-+
-+cfg="$testdir/config"
-+
-+cat <<EOF > "$cfg"
-+[global]
-+ktls = true
-+EOF
-+
-+GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID=1 \
-+GNUTLS_SYSTEM_PRIORITY_FILE="$cfg" \
-+"$builddir/gnutls_ktls" "$@"
-+rc=$?
-+
-+rm -rf "$testdir"
-+exit $rc
--- 
-2.37.1
-
-
-From 4a492462535a7f3a831685d3cf420b50ef219511 Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <ueno@gnu.org>
-Date: Tue, 28 Jun 2022 10:23:33 +0900
-Subject: [PATCH 2/3] handshake: do not reset KTLS enablement in
- gnutls_handshake
-
-As gnutls_handshake can be repeatedly called upon non-blocking setup,
-we shouldn't try to call setsockopt for KTLS upon every call.
-
-Signed-off-by: Daiki Ueno <ueno@gnu.org>
----
- lib/handshake.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/lib/handshake.c b/lib/handshake.c
-index 4dd457bf22..3886306eb4 100644
---- a/lib/handshake.c
-+++ b/lib/handshake.c
-@@ -2813,12 +2813,6 @@ int gnutls_handshake(gnutls_session_t session)
- 	const version_entry_st *vers = get_version(session);
- 	int ret;
- 
--	session->internals.ktls_enabled = 0;
--#ifdef ENABLE_KTLS
--	if (_gnutls_config_is_ktls_enabled() == true)
--		_gnutls_ktls_enable(session);
--#endif
--
- 	if (unlikely(session->internals.initial_negotiation_completed)) {
- 		if (vers->tls13_sem) {
- 			if (session->security_parameters.entity == GNUTLS_CLIENT) {
-@@ -2864,6 +2858,12 @@ int gnutls_handshake(gnutls_session_t session)
- 			end->tv_nsec =
- 				(start->tv_nsec + tmo_ms * 1000000LL) % 1000000000LL;
- 		}
-+
-+#ifdef ENABLE_KTLS
-+		if (_gnutls_config_is_ktls_enabled()) {
-+			_gnutls_ktls_enable(session);
-+		}
-+#endif
- 	}
- 
- 	if (session->internals.recv_state == RECV_STATE_FALSE_START) {
--- 
-2.37.1
-
-
-From ce13208e13b5dec73993c583d4c64ab7714e4a7a Mon Sep 17 00:00:00 2001
-From: Daiki Ueno <ueno@gnu.org>
-Date: Tue, 28 Jun 2022 10:53:55 +0900
-Subject: [PATCH 3/3] ktls: _gnutls_ktls_enable: fix GNUTLS_KTLS_SEND
- calculation
-
-Previously, if the first setsockopt for GNUTLS_KTLS_RECV fails and the
-same socket is used for both sending and receiving, GNUTLS_KTLS_SEND
-was unconditionally set.  This fixes the conditions and also adds more
-logging.
-
-Signed-off-by: Daiki Ueno <ueno@gnu.org>
----
- lib/system/ktls.c | 21 ++++++++++++++++-----
- 1 file changed, 16 insertions(+), 5 deletions(-)
-
-diff --git a/lib/system/ktls.c b/lib/system/ktls.c
-index b9f7a73fb5..ddf27fac76 100644
---- a/lib/system/ktls.c
-+++ b/lib/system/ktls.c
-@@ -47,7 +47,7 @@
- gnutls_transport_ktls_enable_flags_t
- gnutls_transport_is_ktls_enabled(gnutls_session_t session){
- 	if (unlikely(!session->internals.initial_negotiation_completed)){
--		_gnutls_debug_log("Initial negotiation is not yet complete");
-+		_gnutls_debug_log("Initial negotiation is not yet complete\n");
- 		return 0;
- 	}
- 
-@@ -57,16 +57,27 @@ gnutls_transport_is_ktls_enabled(gnutls_session_t session){
- void _gnutls_ktls_enable(gnutls_session_t session)
- {
- 	int sockin, sockout;
-+
- 	gnutls_transport_get_int2(session, &sockin, &sockout);
- 
--	if (setsockopt(sockin, SOL_TCP, TCP_ULP, "tls", sizeof ("tls")) == 0)
-+	if (setsockopt(sockin, SOL_TCP, TCP_ULP, "tls", sizeof ("tls")) == 0) {
- 		session->internals.ktls_enabled |= GNUTLS_KTLS_RECV;
-+		if (sockin == sockout) {
-+			session->internals.ktls_enabled |= GNUTLS_KTLS_SEND;
-+		}
-+	} else {
-+		_gnutls_record_log("Unable to set TCP_ULP for read socket: %d\n",
-+				   errno);
-+	}
- 
- 	if (sockin != sockout) {
--		if (setsockopt(sockout, SOL_TCP, TCP_ULP, "tls", sizeof ("tls")) == 0)
-+		if (setsockopt(sockout, SOL_TCP, TCP_ULP, "tls", sizeof ("tls")) == 0) {
- 			session->internals.ktls_enabled |= GNUTLS_KTLS_SEND;
--	} else
--		session->internals.ktls_enabled |= GNUTLS_KTLS_SEND;
-+		} else {
-+			_gnutls_record_log("Unable to set TCP_ULP for write socket: %d\n",
-+					   errno);
-+		}
-+	}
- }
- 
- int _gnutls_ktls_set_keys(gnutls_session_t session)
--- 
-2.37.1
-
diff --git a/gnutls-3.7.7-fix-ktls.patch b/gnutls-3.7.7-fix-ktls.patch
new file mode 100644
index 0000000..e3e19e3
--- /dev/null
+++ b/gnutls-3.7.7-fix-ktls.patch
@@ -0,0 +1,13 @@
+diff --color -rup a/lib/handshake.c b/lib/handshake.c
+--- a/lib/handshake.c	2022-07-28 12:44:40.000000000 +0200
++++ b/lib/handshake.c	2022-07-29 12:30:00.110002282 +0200
+@@ -2861,7 +2861,8 @@ int gnutls_handshake(gnutls_session_t se
+ 
+ #ifdef ENABLE_KTLS
+ 		if (_gnutls_config_is_ktls_enabled()) {
+-			if (session->internals.pull_func ||
++			if ((session->internals.pull_func &&
++			    session->internals.pull_func != system_read) ||
+ 			    session->internals.push_func) {
+ 				_gnutls_audit_log(session,
+ 						  "Not enabling KTLS with "
diff --git a/gnutls-3.7.7.tar.xz.sig b/gnutls-3.7.7.tar.xz.sig
new file mode 100644
index 0000000..32aa439
Binary files /dev/null and b/gnutls-3.7.7.tar.xz.sig differ
diff --git a/gnutls.spec b/gnutls.spec
index 38ad2ae..4f866be 100644
--- a/gnutls.spec
+++ b/gnutls.spec
@@ -1,10 +1,9 @@
 # This spec file has been automatically updated
-Version: 3.7.6
+Version: 3.7.7
 Release: %{?autorelease}%{!?autorelease:1%{?dist}}
 Patch1:	gnutls-3.6.7-no-now-guile.patch
 Patch2:	gnutls-3.2.7-rpath.patch
-Patch3: gnutls-3.7.6-ktls-disabled-by-default.patch
-Patch4: gnutls-3.7.6-ktls-minor-fixes.patch
+Patch3: gnutls-3.7.7-fix-ktls.patch
 
 %bcond_without bootstrap
 %bcond_without dane
diff --git a/sources b/sources
index f8d02bd..7941535 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (gnutls-3.7.6.tar.xz) = f872339df80ec31d292821ff00eaafbe50e0bd4cdbb86e21e4f78541cd0a26d843596d5e69c91de4db8ce7d027fc639ae6462b57d89fb116162ae63c5a97486a
+SHA512 (gnutls-3.7.7.tar.xz) = ba00b20126379ec7e96c6bfa606cfb7bb0d9a5853318b29b5278a42a85ae40d39d8442778938e1f165debcdb1adaf9c63bcec59a4eb3387dd1ac99b08bcc5c08