diff --git a/ghc-tls.changes b/ghc-tls.changes
index 2fc3b6d..f7b0c8c 100644
--- a/ghc-tls.changes
+++ b/ghc-tls.changes
@@ -1,3 +1,42 @@
+-------------------------------------------------------------------
+Mon May 14 17:02:11 UTC 2018 - psimons@suse.com
+
+- Update tls to version 1.4.1.
+  - Enable X25519 in default parameters [#265](https://github.com/vincenthz/hs-tls/pull/265)
+  - Checking EOF in bye [#262] (https://github.com/vincenthz/hs-tls/pull/262)
+  - Improving validation in DH key exchange [#256](https://github.com/vincenthz/hs-tls/pull/256)
+  - Handle TCP reset during handshake [#251](https://github.com/vincenthz/hs-tls/pull/251)
+  - Accepting hlint suggestions.
+  - Wrap renegotiation failures with HandshakeFailed [#237](https://github.com/vincenthz/hs-tls/pull/237)
+  - Improve selection of server certificate and use "signature_algorithms" extension [#236](https://github.com/vincenthz/hs-tls/pull/236)
+  - Change Bytes to ByteString and deprecate the Bytes type alias [#230](https://github.com/vincenthz/hs-tls/pull/230)
+  - Session compression and SNI [#223](https://github.com/vincenthz/hs-tls/pull/223)
+  - Deprecating ciphersuite_medium. Putting WARNING to ciphersuite_all since this includes RC4 [#153](https://github.com/vincenthz/hs-tls/pull/153) [#222](https://github.com/vincenthz/hs-tls/pull/222)
+  - Removing NPN [#214](https://github.com/vincenthz/hs-tls/pull/214)
+  - Supporting RSAPSS defined in TLS 1.3 [#207](https://github.com/vincenthz/hs-tls/pull/207)
+  - Supporting X25519 and X448 in the IES style. [#205](https://github.com/vincenthz/hs-tls/pull/205)
+  - Strip leading zeros in DHE premaster secret [#201](https://github.com/vincenthz/hs-tls/pull/201)
+  - RSASSA-PSS signatures can be enabled with `supportedHashSignatures`.  This
+    uses assignments from TLS 1.3, for example `(HashIntrinsic, SignatureRSApssSHA256)`.
+  - Diffie-Hellman with elliptic curves X25519 and X448: This can be enabled with
+    `supportedGroups`, which also gives control over curve preference.
+  - ECDH with curve P-256 now uses optimized C implementation from package `cryptonite`.
+
+  API CHANGES:
+
+  - Cipher list `ciphersuite_medium` is now deprecated, users are advised to use
+    `ciphersuite_default` or `ciphersuite_strong`.  List `ciphersuite_all` is kept
+    for compatibility with old servers but this is discouraged and generates a
+    warning (this includes RC4 ciphers, see [#153](https://github.com/vincenthz/hs-tls/pull/153)
+    for reference).
+  - Support for NPN (Next Protocol Negotiation) has been removed. The replacement
+    is ALPN (Application-Layer Protocol Negotiation).
+  - Data type `SessionData` now contains fields for compression algorithm and
+    client SNI.  A `SessionManager` implementation that serializes/deserializes
+    `SessionData` values must deal with the new fields.
+  - Module `Network.TLS` exports a type alias named `Bytes` which is now deprecated.
+    The replacement is to use strict `ByteString` directly.
+
 -------------------------------------------------------------------
 Thu Aug  3 15:38:38 UTC 2017 - psimons@suse.com
 
diff --git a/ghc-tls.spec b/ghc-tls.spec
index 8b2715a..6b8eb53 100644
--- a/ghc-tls.spec
+++ b/ghc-tls.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package ghc-tls
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
 %global pkg_name tls
 %bcond_with tests
 Name:           ghc-%{pkg_name}
-Version:        1.3.11
+Version:        1.4.1
 Release:        0
 Summary:        TLS/SSL protocol native implementation (Server and Client)
 License:        BSD-3-Clause
@@ -93,7 +93,7 @@ This package provides the Haskell %{pkg_name} library development files.
 %ghc_pkg_recache
 
 %files -f %{name}.files
-%doc LICENSE
+%license LICENSE
 
 %files devel -f %{name}-devel.files
 %doc CHANGELOG.md
diff --git a/tls-1.3.11.tar.gz b/tls-1.3.11.tar.gz
deleted file mode 100644
index ad7dabe..0000000
--- a/tls-1.3.11.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3f008eb942874f8114f9a332f9669c44d72825ba39ce0fad89f0f8dfa6fb2703
-size 94342
diff --git a/tls-1.4.1.tar.gz b/tls-1.4.1.tar.gz
new file mode 100644
index 0000000..b0f2b8a
--- /dev/null
+++ b/tls-1.4.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bbead1afc0b808bd5cff7bddaeae84ade37f18bbe72bd78d45a2fa4ac41908f8
+size 92647