diff --git a/net/freeradius3/Makefile b/net/freeradius3/Makefile
index 575568c37..8fe903983 100644
--- a/net/freeradius3/Makefile
+++ b/net/freeradius3/Makefile
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2008-2016 OpenWrt.org
+# Copyright (C) 2008-2020 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=freeradius3
-PKG_VERSION:=release_3_0_19
-PKG_RELEASE:=2
+PKG_VERSION:=release_3_0_20
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/FreeRADIUS/freeradius-server/archive
-PKG_HASH:=34c50ac47a683b13eae1a02f2d0263c0bd51a83f01b99c02c5fe25df07a1ee77
+PKG_HASH:=8177fe550af6685a040884dbe3df28431bdc5a8d3a48a9f4f88bdb49f2d0e90c
 
 PKG_MAINTAINER:=
 PKG_LICENSE:=GPL-2.0
diff --git a/net/freeradius3/patches/002-disable-session-cache-CVE-2017-9148.patch b/net/freeradius3/patches/002-disable-session-cache-CVE-2017-9148.patch
index 801550b06..a96964fec 100644
--- a/net/freeradius3/patches/002-disable-session-cache-CVE-2017-9148.patch
+++ b/net/freeradius3/patches/002-disable-session-cache-CVE-2017-9148.patch
@@ -3,22 +3,13 @@ Description: disable session caching in the server (as opposed to in the
  https://security-tracker.debian.org/tracker/CVE-2017-9148
 Author: Michael Stapelberg <stapelberg@debian.org>
 Forwarded: not-needed
-Last-Update: 2017-05-30
+Last-Update: 2020-01-24
 
 ---
 
 --- a/src/main/tls.c
 +++ b/src/main/tls.c
-@@ -594,7 +594,7 @@ tls_session_t *tls_new_session(TALLOC_CT
- 	 *
- 	 *	FIXME: Also do it every N sessions?
- 	 */
--	if (conf->session_cache_enable &&
-+	if (/*conf->session_cache_enable*/0 &&
- 	    ((conf->session_last_flushed + ((int)conf->session_timeout * 1800)) <= request->timestamp)){
- 		RDEBUG2("Flushing SSL sessions (of #%ld)", SSL_CTX_sess_number(conf->ctx));
- 
-@@ -689,7 +689,7 @@ tls_session_t *tls_new_session(TALLOC_CT
+@@ -675,7 +675,7 @@ tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, REQU
  		state->mtu = vp->vp_integer;
  	}
  
@@ -27,7 +18,7 @@ Last-Update: 2017-05-30
  
  	return state;
  }
-@@ -3277,7 +3277,7 @@ post_ca:
+@@ -3292,7 +3292,7 @@ post_ca:
  	/*
  	 *	Callbacks, etc. for session resumption.
  	 */
@@ -36,7 +27,7 @@ Last-Update: 2017-05-30
  		/*
  		 *	Cache sessions on disk if requested.
  		 */
-@@ -3347,7 +3347,7 @@ post_ca:
+@@ -3362,7 +3362,7 @@ post_ca:
  	/*
  	 *	Setup session caching
  	 */
@@ -45,3 +36,12 @@ Last-Update: 2017-05-30
  		/*
  		 *	Create a unique context Id per EAP-TLS configuration.
  		 */
+@@ -3531,7 +3531,7 @@ fr_tls_server_conf_t *tls_server_conf_parse(CONF_SECTION *cs)
+ 		goto error;
+ 	}
+ 
+-	if (conf->session_cache_enable) {
++	if (/*conf->session_cache_enable*/0) {
+ 		CONF_SECTION	*subcs;
+ 		CONF_ITEM	*ci;
+