diff --git a/ghc-tls.changes b/ghc-tls.changes
index 66dd206..e3f77f6 100644
--- a/ghc-tls.changes
+++ b/ghc-tls.changes
@@ -1,3 +1,48 @@
+-------------------------------------------------------------------
+Sun Feb 18 22:15:12 UTC 2024 - Peter Simons <psimons@suse.com>
+
+- Update tls to version 2.0.1.
+  ## Version 2.0.1
+
+  * Fix a leak of pending data to be sent.
+
+  ## Version 2.0.0
+
+  * `tls` now only supports TLS 1.2 and TLS 1.3 with safe cipher suites.
+  * Security: BREAKING CHANGE: TLS 1.0 and TLS 1.1 are removed.
+  * Security: BREAKING CHANGE: all CBC cipher suite are removed.
+  * Security: BREAKING CHANGE: RC4 and 3DES are removed.
+  * Security: BREAKING CHANGE: DSS(digital signature standard) is removed.
+  * Security: BREAKING CHANGE: TLS 1.2 servers require
+    EMS(extended main secret) by default.
+    `supportedExtendedMasterSec` is renamed to
+    `supportedExtendedMainSecret`.
+  * BREAKING CHANGE: the package is now complied with `Strict` and `StrictData`.
+  * BREAKING CHANGE: Many data structures are re-defined with
+   `PatternSynonyms` for extensibility.
+  * BREAKING CHANGE: the structure of `SessionManager` is changed
+    to support session tickets.
+  * API: BREAKING CHANGE: `sendData` can send early data (0-RTT).
+    `clientEarlyData` is removed.
+    To send early data via `sendData`, set `clientUseEarlyData` to `True`.
+    [#466](https://github.com/haskell-tls/hs-tls/issues/466)
+  * API: `handshake` can receive an alert of client authentication failure
+    for TLS 1.3.
+    [#463](https://github.com/haskell-tls/hs-tls/pull/463)
+  * API: `bye` can receive NewSessionTicket for TLS 1.3.
+  * Channel binding: `getFinished` and `getPeerFinished` are deprecated.
+    Use `getTLSUnique` instead.
+    [#462](https://github.com/haskell-tls/hs-tls/pull/462)
+  * Channel binding: `getTLSExporter` and `getTLSServerEndPoint` are provided.
+    [#462](https://github.com/haskell-tls/hs-tls/pull/462)
+  * Refactoring: the monolithic `handshake` is divided to follow
+    the diagram of TLS 1.2 and 1.3 for readability.
+  * Refactoring: test cases are refactored for maintenability
+    and readablity. `hspec` is used instead of `tasty`.
+  * Code format: `fourmolu` is used as an official formatter.
+  * Catching up RFC8446bis-09.
+    [#467](https://github.com/haskell-tls/hs-tls/issues/467)
+
 -------------------------------------------------------------------
 Tue Sep  5 05:49:20 UTC 2023 - Peter Simons <psimons@suse.com>
 
diff --git a/ghc-tls.spec b/ghc-tls.spec
index 25beac7..968307a 100644
--- a/ghc-tls.spec
+++ b/ghc-tls.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package ghc-tls
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -20,9 +20,9 @@
 %global pkgver %{pkg_name}-%{version}
 %bcond_with tests
 Name:           ghc-%{pkg_name}
-Version:        1.9.0
+Version:        2.0.1
 Release:        0
-Summary:        TLS/SSL protocol native implementation (Server and Client)
+Summary:        TLS protocol native implementation
 License:        BSD-3-Clause
 URL:            https://hackage.haskell.org/package/%{pkg_name}
 Source0:        https://hackage.haskell.org/package/%{pkg_name}-%{version}/%{pkg_name}-%{version}.tar.gz
@@ -35,6 +35,8 @@ BuildRequires:  ghc-async-devel
 BuildRequires:  ghc-async-prof
 BuildRequires:  ghc-base-devel
 BuildRequires:  ghc-base-prof
+BuildRequires:  ghc-base16-bytestring-devel
+BuildRequires:  ghc-base16-bytestring-prof
 BuildRequires:  ghc-bytestring-devel
 BuildRequires:  ghc-bytestring-prof
 BuildRequires:  ghc-cereal-devel
@@ -56,6 +58,8 @@ BuildRequires:  ghc-mtl-prof
 BuildRequires:  ghc-network-devel
 BuildRequires:  ghc-network-prof
 BuildRequires:  ghc-rpm-macros
+BuildRequires:  ghc-serialise-devel
+BuildRequires:  ghc-serialise-prof
 BuildRequires:  ghc-transformers-devel
 BuildRequires:  ghc-transformers-prof
 BuildRequires:  ghc-unix-time-devel
@@ -66,25 +70,12 @@ BuildRequires:  ghc-QuickCheck-devel
 BuildRequires:  ghc-QuickCheck-prof
 BuildRequires:  ghc-hourglass-devel
 BuildRequires:  ghc-hourglass-prof
-BuildRequires:  ghc-tasty-devel
-BuildRequires:  ghc-tasty-prof
-BuildRequires:  ghc-tasty-quickcheck-devel
-BuildRequires:  ghc-tasty-quickcheck-prof
+BuildRequires:  ghc-hspec-devel
+BuildRequires:  ghc-hspec-prof
 %endif
 
 %description
-Native Haskell TLS and SSL protocol implementation for server and client.
-
-This provides a high-level implementation of a sensitive security protocol,
-eliminating a common set of security issues through the use of the advanced
-type system, high level constructions and common Haskell features.
-
-Currently implement the TLS1.0, TLS1.1, TLS1.2 and TLS 1.3 protocol, and
-support RSA and Ephemeral (Elliptic curve and regular) Diffie Hellman key
-exchanges, and many extensions.
-
-Some debug tools linked with tls, are available through the
-<http://hackage.haskell.org/package/tls-debug/>.
+Native Haskell TLS 1.2/1.3 protocol implementation for servers and clients.
 
 %package devel
 Summary:        Haskell %{pkg_name} library development files
diff --git a/tls-1.9.0.tar.gz b/tls-1.9.0.tar.gz
deleted file mode 100644
index 27bd340..0000000
--- a/tls-1.9.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5605b9cbe0903b100e9de72800641453f74bf5dade6176dbe10b34ac9353433e
-size 159392
diff --git a/tls-2.0.1.tar.gz b/tls-2.0.1.tar.gz
new file mode 100644
index 0000000..786d1f3
--- /dev/null
+++ b/tls-2.0.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:98658cb0394a9cd08c56c5fe11a6c96f16c892a2a594db421cd72e0e7f7be684
+size 162814