diff --git a/PKGBUILD b/PKGBUILD
index a4134d9..c1fb977 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,35 +1,67 @@
-# Maintainer: Future Linux Team <futurelinux@163.com>
+# This is an example PKGBUILD file. Use this as a start to creating your own,
+# and remove these comments. For more information, see 'man PKGBUILD'.
+# NOTE: Please fill out the license field for your package! If it is unknown,
+# then please put 'unknown'.
 
+# Maintainer: Future Linux Team <futurelinux@163.com>
 pkgname=gnutls
-pkgver=3.8.5
+pkgver=3.8.7
 pkgrel=1
 pkgdesc="A library which provides a secure layer over a reliable transport layer"
 arch=('x86_64')
 url="https://www.gnutls.org/"
-license=('GPL')
-depends=('glibc' 'gcc-libs' 'gmp' 'libtasn1' 'readline' 'zlib' 'nettle' 'libp11-kit'
-	'libidn2' 'zstd' 'libunistring' 'brotli')
+license=('GPL-3.0-or-later AND LGPL-2.1-or-later')
+depends=(
+    'glibc'
+    'gcc-libs'
+    'gmp'
+    'libtasn1'
+    'readline'
+    'zlib'
+    'nettle'
+    'libp11-kit'
+    'libidn2'
+    'zstd'
+    'libunistring'
+    'brotli')
 options=('!zipman')
-source=(https://www.gnupg.org/ftp/gcrypt/${pkgname}/v${pkgver%.*}/${pkgname}-${pkgver}.tar.xz)
-sha256sums=(66269a2cfe0e1c2dabec87bdbbd8ab656f396edd9a40dd006978e003cfa52bfc)
+source=(https://www.gnupg.org/ftp/gcrypt/${pkgname}/v${pkgver%.*}/${pkgname}-${pkgver}.tar.xz
+    config)
+sha256sums=(fe302f2b6ad5a564bcb3678eb61616413ed5277aaf8e7bf7cdb9a95a18d9f477
+    22e614510fe52defe8c233ce3e5ead2205739fd967657ce3176ca121f3c562b5)
 
 build() {
-	cd ${pkgname}-${pkgver}
+    cd ${pkgname}-${pkgver}
 
-	${CONFIGURE}                                          \
-		--with-idn                                    \
-		--with-brotli                                 \
-		--with-zstd                                   \
-		--enable-openssl-compatibility                \
-		--with-default-trust-store-pkcs11="pkcs11:"   \
-		--docdir=/usr/share/doc/${pkgname}-${pkgver}
+    ${CONFIGURE}                                      \
+        --disable-static                              \
+        --with-idn                                    \
+        --with-brotli                                 \
+        --with-zstd                                   \
+        --enable-ktls                                 \
+        --enable-openssl-compatibility                \
+        --with-default-trust-store-pkcs11="pkcs11:"   \
+        --docdir=/usr/share/doc/${pkgname}-${pkgver}
 
-	sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
-	make
+    sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
+    make
 }
 
 package() {
-	cd ${pkgname}-${pkgver}
+    cd ${pkgname}-${pkgver}
 
-	make DESTDIR=${pkgdir} install
+    make DESTDIR=${pkgdir} install
+
+    # prepare to load tls module required for ktls
+    install -dm755 ${pkgdir}/etc/modules-load.d
+    echo "#tls" > ${pkgdir}/etc/modules-load.d/gnutls.conf
+    
+    # disable ktls by default for now
+    install -dm755 ${pkgdir}/etc/gnutls
+    install -Dm644 ${srcdir}/config  ${pkgdir}/etc/gnutls/config
+
+    # lots of .png files are put into infodir and are gzipped by makepkg! this needs to be fixed by using !zipman
+    # gzip -9 all files in infodir and manpages manually
+    find ${pkgdir}/usr/share/info -name '*.info*' -exec gzip -n -9 {} \;
+    find ${pkgdir}/usr/share/man -exec gzip -n -9 {} \;
 }
diff --git a/config b/config
new file mode 100644
index 0000000..69c29a3
--- /dev/null
+++ b/config
@@ -0,0 +1,9 @@
+# https://gnutls.org/manual/html_node/Enabling_002fDisabling-system_002facceleration-protocols.html#Enabling-KTLS
+#
+# GnuTLS is built with -–enable-ktls configuration, KTLS is disabled by default.
+# This can be enabled by setting ktls = true in [global] section.
+#
+
+[global]
+ktls = false
+#ktls = true