diff --git a/core/wpa_supplicant/build b/core/wpa_supplicant/build
index beaaac17..6a17b285 100755
--- a/core/wpa_supplicant/build
+++ b/core/wpa_supplicant/build
@@ -1,7 +1,5 @@
 #!/bin/sh -e
 
-patch -p1 < libressl.patch
-
 cd wpa_supplicant
 mv ../.config .
 
diff --git a/core/wpa_supplicant/checksums b/core/wpa_supplicant/checksums
index 86ac714e..78b3b416 100644
--- a/core/wpa_supplicant/checksums
+++ b/core/wpa_supplicant/checksums
@@ -1,3 +1,2 @@
-b4936d34c4e6cdd44954beba74296d964bc2c9668ecaa5255e499636fe2b1450  wpa_supplicant-2.6.tar.gz
+a689336a12a99151b9de5e25bfccadb88438f4f4438eb8db331cd94346fd3d96  wpa_supplicant-2.8.tar.gz
 6a753cde8110f38580ed8e73a50b344c9249aabcef9f1fc689900e9f0c424640  .config
-74f11593684ebbf49a742ec70432c7e653489673375ecb08e9a6d32a4deef95f  libressl.patch
diff --git a/core/wpa_supplicant/patches/libressl.patch b/core/wpa_supplicant/patches/libressl.patch
deleted file mode 100644
index 2627c93d..00000000
--- a/core/wpa_supplicant/patches/libressl.patch
+++ /dev/null
@@ -1,76 +0,0 @@
---- ./src/crypto/crypto_openssl.c.orig	2016-10-02 20:51:11.000000000 +0200
-+++ ./src/crypto/crypto_openssl.c	2018-04-25 07:45:26.063040958 +0200
-@@ -33,7 +33,7 @@
- #include "aes_wrap.h"
- #include "crypto.h"
-
--#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
- /* Compatibility wrappers for older versions. */
-
- static HMAC_CTX * HMAC_CTX_new(void)
-@@ -79,7 +79,7 @@ static void EVP_MD_CTX_free(EVP_MD_CTX *
-
- static BIGNUM * get_group5_prime(void)
- {
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
- 	return BN_get_rfc3526_prime_1536(NULL);
- #elif !defined(OPENSSL_IS_BORINGSSL)
- 	return get_rfc3526_prime_1536(NULL);
---- ./src/crypto/tls_openssl.c.orig	2016-10-02 20:51:11.000000000 +0200
-+++ ./src/crypto/tls_openssl.c	2018-04-25 07:45:26.087040994 +0200
-@@ -59,7 +59,7 @@ typedef int stack_index_t;
- #endif /* SSL_set_tlsext_status_type */
-
- #if (OPENSSL_VERSION_NUMBER < 0x10100000L || \
--     defined(LIBRESSL_VERSION_NUMBER)) &&    \
-+     (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)) &&    \
-     !defined(BORINGSSL_API_VERSION)
- /*
-  * SSL_get_client_random() and SSL_get_server_random() were added in OpenSSL
-@@ -3105,7 +3105,7 @@ int tls_connection_get_random(void *ssl_
- #ifdef OPENSSL_NEED_EAP_FAST_PRF
- static int openssl_get_keyblock_size(SSL *ssl)
- {
--#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
- 	const EVP_CIPHER *c;
- 	const EVP_MD *h;
- 	int md_size;
-@@ -3562,7 +3562,7 @@ int tls_connection_set_cipher_list(void
-
- 	wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1);
-
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
- #if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) || defined(EAP_SERVER_FAST)
- 	if (os_strstr(buf, ":ADH-")) {
- 		/*
-@@ -4146,7 +4146,7 @@ int tls_global_set_params(void *tls_ctx,
-  * commented out unless explicitly needed for EAP-FAST in order to be able to
-  * build this file with unmodified openssl. */
-
--#if (defined(OPENSSL_IS_BORINGSSL) || OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
-+#if (defined(OPENSSL_IS_BORINGSSL) || OPENSSL_VERSION_NUMBER >= 0x10100000L) && !(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
- static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len,
- 			   STACK_OF(SSL_CIPHER) *peer_ciphers,
- 			   const SSL_CIPHER **cipher, void *arg)
-@@ -4159,7 +4159,7 @@ static int tls_sess_sec_cb(SSL *s, void
- 	struct tls_connection *conn = arg;
- 	int ret;
-
--#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
- 	if (conn == NULL || conn->session_ticket_cb == NULL)
- 		return 0;
-
-@@ -4254,7 +4254,7 @@ int tls_connection_set_session_ticket_cb
-
- int tls_get_library_version(char *buf, size_t buf_len)
- {
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
- 	return os_snprintf(buf, buf_len, "OpenSSL build=%s run=%s",
- 			   OPENSSL_VERSION_TEXT,
- 			   OpenSSL_version(OPENSSL_VERSION));
diff --git a/core/wpa_supplicant/sources b/core/wpa_supplicant/sources
index cb74fb22..5cf8e9ab 100644
--- a/core/wpa_supplicant/sources
+++ b/core/wpa_supplicant/sources
@@ -1,3 +1,2 @@
-http://w1.fi/releases/wpa_supplicant-2.6.tar.gz
+http://w1.fi/releases/wpa_supplicant-2.8.tar.gz
 files/.config
-patches/libressl.patch
diff --git a/core/wpa_supplicant/version b/core/wpa_supplicant/version
index eb0c981f..5d860172 100644
--- a/core/wpa_supplicant/version
+++ b/core/wpa_supplicant/version
@@ -1 +1 @@
-2.6 1
+2.8 1