diff --git a/net/nut/Makefile b/net/nut/Makefile
index bc69d2277..879f8287c 100644
--- a/net/nut/Makefile
+++ b/net/nut/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=nut
-PKG_VERSION:=2.7.4
-PKG_RELEASE:=28
+PKG_VERSION:=2.8.0
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://www.networkupstools.org/source/2.7/
-PKG_HASH:=980e82918c52d364605c0703a5dcf01f74ad2ef06e3d365949e43b7d406d25a7
+PKG_SOURCE_URL:=http://www.networkupstools.org/source/2.8/
+PKG_HASH:=c3e5a708da797b7c70b653d37b1206a000fcb503b85519fe4cdf6353f792bfe5
 PKG_LICENSE:=GPL-2.0-or-later GPL-3.0-or-later GPL-1.0-or-later Artistic-1.0-Perl
 PKG_LICENSE_FILES:=LICENSE-GPL2 LICENSE-GPL3 COPYING
 PKG_FIXUP:=autoreconf
@@ -399,7 +399,7 @@ endef
 SERIAL_DRIVERLIST = al175 bcmxcp belkin belkinunv bestfcom	\
  bestfortress bestuferrups bestups dummy-ups etapro everups	 \
  gamatronic genericups isbmex liebert liebert-esp2 masterguard metasys	\
- oldmge-shut mge-utalk microdowell mge-shut oneac optiups powercom rhino	 \
+ mge-utalk microdowell mge-shut oneac optiups powercom rhino	 \
  safenet skel solis tripplite tripplitesu upscode2 victronups powerpanel \
  blazer_ser clone clone-outlet ivtscd apcsmart apcsmart-old apcupsd-ups riello_ser	\
  nutdrv_qx
@@ -459,8 +459,6 @@ $(eval $(call DriverDescription,serial,masterguard,\
 	Driver for Masterguard UPS equipment))
 $(eval $(call DriverDescription,serial,metasys,\
 	Driver for Meta System UPS equipment))
-$(eval $(call DriverDescription,serial,oldmge-shut,\
-	Driver for SHUT Protocol UPS equipment, deprecated, use mge-shut))
 $(eval $(call DriverDescription,serial,mge-utalk,\
 	Driver for MGE UPS SYSTEMS UTalk protocol equipment))
 $(eval $(call DriverDescription,serial,microdowell,\
diff --git a/net/nut/patches/0001-Add-compatibility-with-openssl-1.1.0.patch b/net/nut/patches/0001-Add-compatibility-with-openssl-1.1.0.patch
deleted file mode 100644
index 23d10fb38..000000000
--- a/net/nut/patches/0001-Add-compatibility-with-openssl-1.1.0.patch
+++ /dev/null
@@ -1,166 +0,0 @@
-commit 612c05efb3c3b243da603a3a050993281888b6e3
-Author: Arjen de Korte <build+github@de-korte.org>
-Date:   Fri Mar 15 10:17:32 2019 +0100
-
-    Add support for openssl-1.1.0 (#504)
-    
-    * Add support for openssl-1.1.0
-    
-    * Allow TLSv1 and higher (not just TLSv1)
-    
-    * Fix check for empty string
-    
-    * Report TLS handshake in debug mode
-    
-    * Update nut_check_libopenssl.m4
-    
-    * Update upsclient.c
-    
-    * Update netssl.c
-
---- a/clients/upsclient.c
-+++ b/clients/upsclient.c
-@@ -299,11 +299,6 @@ int upscli_init(int certverify, const ch
- {
- #ifdef WITH_OPENSSL
- 	int ret, ssl_mode = SSL_VERIFY_NONE;
--#if OPENSSL_VERSION_NUMBER >= 0x10000000L
--	const SSL_METHOD	*ssl_method;
--#else
--	SSL_METHOD	*ssl_method;
--#endif
- #elif defined(WITH_NSS) /* WITH_OPENSSL */
- 	SECStatus	status;
- #endif /* WITH_OPENSSL | WITH_NSS */
-@@ -315,22 +310,32 @@ int upscli_init(int certverify, const ch
- 	}
- 	
- #ifdef WITH_OPENSSL
--	
--	SSL_library_init();
--	SSL_load_error_strings();
- 
--	ssl_method = TLSv1_client_method();
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+	SSL_load_error_strings();
-+	SSL_library_init();
- 
--	if (!ssl_method) {
--		return 0;
--	}
-+	ssl_ctx = SSL_CTX_new(SSLv23_client_method());
-+#else
-+	ssl_ctx = SSL_CTX_new(TLS_client_method());
-+#endif
- 
--	ssl_ctx = SSL_CTX_new(ssl_method);
- 	if (!ssl_ctx) {
- 		upslogx(LOG_ERR, "Can not initialize SSL context");
- 		return -1;
- 	}
- 	
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+	/* set minimum protocol TLSv1 */
-+	SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
-+#else
-+	ret = SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_VERSION);
-+	if (ret != 1) {
-+		upslogx(LOG_ERR, "Can not set minimum protocol to TLSv1");
-+		return -1;
-+	}
-+#endif
-+
- 	if (!certpath) {
- 		if (certverify == 1) {
- 			upslogx(LOG_ERR, "Can not verify certificate if any is specified");
-@@ -737,7 +742,7 @@ static int upscli_sslinit(UPSCONN_t *ups
- 	switch(res)
- 	{
- 	case 1:
--		upsdebugx(3, "SSL connected");
-+		upsdebugx(3, "SSL connected (%s)", SSL_get_version(ups->ssl));
- 		break;
- 	case 0:
- 		upslog_with_errno(1, "SSL_connect do not accept handshake.");
---- a/clients/upssched.c
-+++ b/clients/upssched.c
-@@ -794,7 +794,7 @@ static void parse_at(const char *ntype,
- 	}
- 
- 	if (!strcmp(cmd, "EXECUTE")) {
--		if (ca1 == '\0') {
-+		if (ca1[0] == '\0') {
- 			upslogx(LOG_ERR, "Empty EXECUTE command argument");
- 			return;
- 		}
---- a/m4/nut_check_libopenssl.m4
-+++ b/m4/nut_check_libopenssl.m4
-@@ -58,7 +58,7 @@ if test -z "${nut_have_libopenssl_seen}"
- 
- 	dnl check if openssl is usable
- 	AC_CHECK_HEADERS(openssl/ssl.h, [nut_have_openssl=yes], [nut_have_openssl=no], [AC_INCLUDES_DEFAULT])
--	AC_CHECK_FUNCS(SSL_library_init, [], [nut_have_openssl=no])
-+	AC_CHECK_FUNCS(SSL_CTX_new, [], [nut_have_openssl=no])
- 
- 	if test "${nut_have_openssl}" = "yes"; then
- 		nut_with_ssl="yes"
---- a/server/netssl.c
-+++ b/server/netssl.c
-@@ -274,7 +274,7 @@ void net_starttls(nut_ctype_t *client, i
- 	{
- 	case 1:
- 		client->ssl_connected = 1;
--		upsdebugx(3, "SSL connected");
-+		upsdebugx(3, "SSL connected (%s)", SSL_get_version(client->ssl));
- 		break;
- 		
- 	case 0:
-@@ -370,13 +370,7 @@ void ssl_init(void)
- {
- #ifdef WITH_NSS
- 	SECStatus status;
--#elif defined(WITH_OPENSSL)
--#if OPENSSL_VERSION_NUMBER >= 0x10000000L
--	const SSL_METHOD	*ssl_method;
--#else
--	SSL_METHOD	*ssl_method;
--#endif
--#endif /* WITH_NSS|WITH_OPENSSL */
-+#endif /* WITH_NSS */
- 
- 	if (!certfile) {
- 		return;
-@@ -386,18 +380,29 @@ void ssl_init(void)
- 
- #ifdef WITH_OPENSSL
- 
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- 	SSL_load_error_strings();
- 	SSL_library_init();
- 
--	if ((ssl_method = TLSv1_server_method()) == NULL) {
-+	ssl_ctx = SSL_CTX_new(SSLv23_server_method());
-+#else
-+	ssl_ctx = SSL_CTX_new(TLS_server_method());
-+#endif
-+
-+	if (!ssl_ctx) {
- 		ssl_debug();
--		fatalx(EXIT_FAILURE, "TLSv1_server_method failed");
-+		fatalx(EXIT_FAILURE, "SSL_CTX_new failed");
- 	}
- 
--	if ((ssl_ctx = SSL_CTX_new(ssl_method)) == NULL) {
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+	/* set minimum protocol TLSv1 */
-+	SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
-+#else
-+	if (SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_VERSION) != 1) {
- 		ssl_debug();
--		fatalx(EXIT_FAILURE, "SSL_CTX_new failed");
-+		fatalx(EXIT_FAILURE, "SSL_CTX_set_min_proto_version(TLS1_VERSION)");
- 	}
-+#endif
- 
- 	if (SSL_CTX_use_certificate_chain_file(ssl_ctx, certfile) != 1) {
- 		ssl_debug();