diff --git a/extra/python/PKGBUILD b/extra/python/PKGBUILD
index 4a8fc3cbd..15cd87ee5 100644
--- a/extra/python/PKGBUILD
+++ b/extra/python/PKGBUILD
@@ -10,7 +10,7 @@
 # - configure with --without-lto
 
 pkgname=python
-pkgver=3.6.1
+pkgver=3.6.2
 pkgrel=1
 _pybasever=3.6
 pkgdesc="Next generation of the python high-level scripting language"
@@ -28,19 +28,19 @@ optdepends=('python-setuptools'
 provides=('python3')
 replaces=('python3')
 source=("https://www.python.org/ftp/python/${pkgver%rc*}/Python-${pkgver}.tar.xz"{,.asc}
- test_socket_aead_kernel49.patch
+ openssl-110f.patch
 dont-make-libpython-readonly.patch)
-sha1sums=('91d880a2a9fcfc6753cbfa132bf47a47e17e7b16'
- 'SKIP'
- '54df54d984fae381e471494e9b7f028a9f792eaf'
- 'c22b24324b8e53326702de439c401d97927ee3f2')
+sha512sums=('a8270a09a9e9b39f69ece6cdade2fa964665d2107b5acbad4453f1b921107b329c697c137185928fb4a576fc0f2ae2a98dbf26a8b7ea17219e990ddbc216db8b'
+ 'SKIP'
+ 'b32c2a0f17b3d19720187b68606024886c6b8008b7c61feaf4fe7b26b4547fddc71a2f191f87557d5fe613d06a8bc79ce5f724681a3090559fc34a032ccbf61a'
+ '2ef96708d5b13ae2a3d2cc62c87b4780e60ecfce914e190564492def3a11d5e56977659f41c7f9d12266e58050c766bce4e2b5d50b708eb792794fa8357920c4')
 validpgpkeys=('0D96DF4D4110E5C43FBFB17F2D347EA6AA65421D') # Ned Deily (Python release signing key)
 
 prepare() {
 cd Python-${pkgver}
 
- # Test suite fix for Linux 4.9.
- patch -p1 -i ../test_socket_aead_kernel49.patch
+ # https://bugs.python.org/issue30714
+ patch -p1 -i ../openssl-110f.patch
 
 # FS#45809
 patch -p1 -i ../dont-make-libpython-readonly.patch
diff --git a/extra/python/openssl-110f.patch b/extra/python/openssl-110f.patch
new file mode 100644
index 000000000..2c71b2b51
--- /dev/null
+++ b/extra/python/openssl-110f.patch
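Review bot: The comment above the new `patch -p1 -i ../openssl-110f.patch` call in prepare() is only a tracker URL, and the carried patch does not look like a verbatim copy of the commit named in its own `From 0e396a20c3137244b1774bd14a0cb03921ff326d` line. Its diffstat lists Misc/NEWS among three changed files, but the 51 added lines hold sections only for Doc/library/ssl.rst and Lib/test/test_ssl.py, so it was presumably trimmed by hand. Anyone auditing the carried patch against upstream will find a mismatch with no explanation; the comment should say what the patch is for and that it was edited, e.g. `# bpo-30714: doc/test_ssl ALPN update for OpenSSL 1.1.0f; upstream commit minus the Misc/NEWS hunk, drop once a release includes it`. prepare() continues past the end of the hunk.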
@@ -0,0 +1,51 @@
+From 0e396a20c3137244b1774bd14a0cb03921ff326d Mon Sep 17 00:00:00 2001
+From: Christian Heimes
+Date: Tue, 20 Jun 2017 18:28:38 +0200
+Subject: [PATCH] bpo-30714: ALPN changes for OpenSSL 1.1.0f
+
+OpenSSL 1.1.0 to 1.1.0e aborted the handshake when server and client
+could not agree on a protocol using ALPN. OpenSSL 1.1.0f changed that.
+The most recent version now behaves like OpenSSL 1.0.2 again. The ALPN
+callback can pretend to not been set.
+
+See https://github.com/openssl/openssl/pull/3158 for more details
+
+Signed-off-by: Christian Heimes
+---
+ Doc/library/ssl.rst | 5 +++--
+ Lib/test/test_ssl.py | 5 +++--
+ Misc/NEWS | 3 +++
+ 3 files changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
+index 729a239a1ba..b51b9c6e396 100644
+--- a/Doc/library/ssl.rst
++++ b/Doc/library/ssl.rst
+@@ -1447,8 +1447,9 @@ to speed up repeated connections from the same clients.
+ This method will raise :exc:`NotImplementedError` if :data:`HAS_ALPN` is
+ False.
+
+- OpenSSL 1.1.0+ will abort the handshake and raise :exc:`SSLError` when
+- both sides support ALPN but cannot agree on a protocol.
++ OpenSSL 1.1.0 to 1.1.0e will abort the handshake and raise :exc:`SSLError`
++ when both sides support ALPN but cannot agree on a protocol. 1.1.0f+
++ behaves like 1.0.2.
+
+ .. versionadded:: 3.5
+
+diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
+index fdaf1c52046..3215031206c 100644
+--- a/Lib/test/test_ssl.py
++++ b/Lib/test/test_ssl.py
+@@ -3267,8 +3267,9 @@ def test_alpn_protocols(self):
+ except ssl.SSLError as e:
+ stats = e
+
+- if expected is None and IS_OPENSSL_1_1:
+- # OpenSSL 1.1.0 raises handshake error
++ if (expected is None and IS_OPENSSL_1_1
++ and ssl.OPENSSL_VERSION_INFO < (1, 1, 0, 6)):
++ # OpenSSL 1.1.0 to 1.1.0e raises handshake error
+ self.assertIsInstance(stats, ssl.SSLError)
+ else:
+ msg = "failed trying %s (s) and %s (c).\n" \
diff --git a/extra/python/test_socket_aead_kernel49.patch b/extra/python/test_socket_aead_kernel49.patch
deleted file mode 100644
index 1c00f73f1..000000000
--- a/extra/python/test_socket_aead_kernel49.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-Index: Python-3.6.0/Lib/test/test_socket.py
-===================================================================
---- Python-3.6.0.orig/Lib/test/test_socket.py
-+++ Python-3.6.0/Lib/test/test_socket.py
-@@ -5456,7 +5456,7 @@ class LinuxKernelCryptoAPI(unittest.Test
- self.assertEqual(len(dec), msglen * multiplier)
- self.assertEqual(dec, msg * multiplier)
-
-- @support.requires_linux_version(4, 3) # see test_aes_cbc
-+ @support.requires_linux_version(4, 9) # see issue29324
- def test_aead_aes_gcm(self):
- key = bytes.fromhex('c939cc13397c1d37de6ae0e1cb7c423c')
- iv = bytes.fromhex('b3d8cc017cbb89b39e0f67e2')
-@@ -5479,8 +5479,7 @@ class LinuxKernelCryptoAPI(unittest.Test
- op.sendmsg_afalg(op=socket.ALG_OP_ENCRYPT, iv=iv,
- assoclen=assoclen, flags=socket.MSG_MORE)
- op.sendall(assoc, socket.MSG_MORE)
-- op.sendall(plain, socket.MSG_MORE)
-- op.sendall(b'\x00' * taglen)
-+ op.sendall(plain)
- res = op.recv(assoclen + len(plain) + taglen)
- self.assertEqual(expected_ct, res[assoclen:-taglen])
- self.assertEqual(expected_tag, res[-taglen:])
-@@ -5488,7 +5487,7 @@ class LinuxKernelCryptoAPI(unittest.Test
- # now with msg
- op, _ = algo.accept()
- with op:
-- msg = assoc + plain + b'\x00' * taglen
-+ msg = assoc + plain
- op.sendmsg_afalg([msg], op=socket.ALG_OP_ENCRYPT, iv=iv,
- assoclen=assoclen)
- res = op.recv(assoclen + len(plain) + taglen)
-@@ -5499,7 +5498,7 @@ class LinuxKernelCryptoAPI(unittest.Test
- pack_uint32 = struct.Struct('I').pack
- op, _ = algo.accept()
- with op:
-- msg = assoc + plain + b'\x00' * taglen
-+ msg = assoc + plain
- op.sendmsg(
- [msg],
- ([socket.SOL_ALG, socket.ALG_SET_OP, pack_uint32(socket.ALG_OP_ENCRYPT)],
-@@ -5507,7 +5506,7 @@ class LinuxKernelCryptoAPI(unittest.Test
- [socket.SOL_ALG, socket.ALG_SET_AEAD_ASSOCLEN, pack_uint32(assoclen)],
- )
- )
-- res = op.recv(len(msg))
-+ res = op.recv(len(msg) + taglen)
- self.assertEqual(expected_ct, res[assoclen:-taglen])
- self.assertEqual(expected_tag, res[-taglen:])
-
-@@ -5517,8 +5516,8 @@ class LinuxKernelCryptoAPI(unittest.Test
- msg = assoc + expected_ct + expected_tag
- op.sendmsg_afalg([msg], op=socket.ALG_OP_DECRYPT, iv=iv,
- assoclen=assoclen)
-- res = op.recv(len(msg))
-- self.assertEqual(plain, res[assoclen:-taglen])
-+ res = op.recv(len(msg) - taglen)
-+ self.assertEqual(plain, res[assoclen:])
-
- @support.requires_linux_version(4, 3) # see test_aes_cbc
- def test_drbg_pr_sha256(self):