diff --git a/lighttpd-1.4.72.tar.xz b/lighttpd-1.4.72.tar.xz deleted file mode 100644 index 62e103e40c8477ae9384722d4680efb752c7fde4..0000000000000000000000000000000000000000 Binary files a/lighttpd-1.4.72.tar.xz and /dev/null differ diff --git a/lighttpd-1.4.65-defaultconf.patch b/lighttpd-1.4.77-defaultconf.patch similarity index 39% rename from lighttpd-1.4.65-defaultconf.patch rename to lighttpd-1.4.77-defaultconf.patch index 013dcd83ec7cf3c00b6bc776181183d6d813e5e0..bda5243c73a52bf8a557cc64e814ffc1f4255add 100644 --- a/lighttpd-1.4.65-defaultconf.patch +++ b/lighttpd-1.4.77-defaultconf.patch @@ -1,5 +1,5 @@ ---- doc/config/lighttpd.conf~ 2021-12-02 09:34:06.450352761 -0600 -+++ doc/config/lighttpd.conf 2021-12-02 09:36:04.345770602 -0600 +--- doc/config/lighttpd.annotated.conf.orig 2025-01-10 12:38:45.338557175 -0600 ++++ doc/config/lighttpd.annotated.conf 2025-01-10 12:39:45.326238702 -0600 @@ -14,8 +14,8 @@ ## chroot example as well. ## @@ -11,18 +11,7 @@ var.home_dir = "/var/lib/lighttpd" var.conf_dir = "/etc/lighttpd" -@@ -436,7 +436,7 @@ - ## # Check your cipher list with: openssl ciphers -v '...' - ## # (use single quotes with: openssl ciphers -v '...' - ## # as your shell won't like ! in double quotes) --## #ssl.cipher-list = "HIGH" # default -+## #ssl.cipher-list = "PROFILE=SYSTEM" - ## - ## # (recommended to accept only TLSv1.2 and TLSv1.3) - ## #ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1.2") # default ---- doc/config/lighttpd.conf~ 2022-07-28 10:49:14.928564535 -0500 -+++ doc/config/lighttpd.conf 2022-07-28 10:49:47.161444622 -0500 -@@ -118,7 +118,7 @@ +@@ -114,7 +114,7 @@ ## ## Document root ## 
@@ -31,3 +20,12 @@ ## ## The value for the "Server:" response field. +@@ -415,7 +415,7 @@ + ## # lighttpd TLS defaults are strict and compatible with modern clients. + ## # If your organization requires use of system-managed TLS defaults to + ## # override lighttpd TLS defaults, use "CipherString" => "PROFILE=SYSTEM" +-## #ssl.openssl.ssl-conf-cmd += ("CipherString" => "PROFILE=SYSTEM") ++ssl.openssl.ssl-conf-cmd += ("CipherString" => "PROFILE=SYSTEM") + ## + ## $SERVER["socket"] == "*:443" { + ## ssl.engine = "enable" diff --git a/lighttpd-1.4.77.tar.xz b/lighttpd-1.4.77.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..b091875d32a896286d1299705602f3185a706fc0 Binary files /dev/null and b/lighttpd-1.4.77.tar.xz differ diff --git a/lighttpd.spec b/lighttpd.spec index a90302c86163d48e3af94017b342aa1b4d7cba83..a6b4e2a56847171e7880bb796dd57f1b059e0ce7 100644 --- a/lighttpd.spec +++ b/lighttpd.spec @@ -27,7 +27,7 @@ %bcond_without tmpfiles Summary: Lightning fast webserver with light system requirements Name: lighttpd -Version: 1.4.72 +Version: 1.4.77 Release: 1 License: BSD-3-Clause and OML and GPLv3 and GPLv2 URL: https://github.com/lighttpd/lighttpd1.4 @@ -35,7 +35,7 @@ Source0: http://download.lighttpd.net/lighttpd/releases-1.4.x/lightt Source1: lighttpd.logrotate Source2: php.d-lighttpd.ini Source3: lighttpd.service -Patch0: lighttpd-1.4.65-defaultconf.patch +Patch0: lighttpd-1.4.77-defaultconf.patch Requires: %{name}-filesystem system-logos Requires(post): systemd Requires(preun): systemd @@ -269,7 +269,7 @@ Summary: WebDAV module for lighttpd Requires: %{name} = %{version}-%{release} %{?with_webdavprops:BuildRequires: libxml2-devel} %{?with_webdavprops:BuildRequires: sqlite-devel} -%{?with_webdavlocks:BuildRequires: libuuid-devel} +%{?with_webdavlocks:BuildRequires: libxml2-devel} %{?with_webdavlocks:BuildRequires: sqlite-devel} %description mod_webdav 
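Review bot: The added inner hunk (`@@ -415,7 +415,7 @@`) turns the upstream example `## #ssl.openssl.ssl-conf-cmd += ("CipherString" => "PROFILE=SYSTEM")` into a live global directive, although the three comment lines above it describe this setting as an opt-in for organizations that must override lighttpd's own TLS defaults. The 1.4.65 patch it replaces only edited a commented-out `ssl.cipher-list` example, so this is a behaviour change to the shipped default configuration rather than a rebase, and the changelog entry (which advertises the stronger upstream TLS defaults) does not mention it. `PROFILE=SYSTEM` is presumably only accepted by OpenSSL builds that carry system crypto-policy support, so please confirm that the target distribution's OpenSSL parses it and that the resulting policy is not weaker than the upstream defaults. The change also leaves a single active line inside a block that is otherwise commented with `## `. I would either keep the line commented or precede it with an explanatory line such as `## distribution default: cipher selection is delegated to the system crypto policy`.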
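Review bot: In the `@@ -269,7 +269,7 @@` hunk the `with_webdavlocks` build dependency changes from `libuuid-devel` to `libxml2-devel`, which makes the two `with_webdavlocks` lines identical to the two `with_webdavprops` lines above them, and the changelog does not explain the swap. If 1.4.77 no longer needs libuuid for WebDAV locks, a short comment such as `# webdav locks no longer use libuuid` would make it clear this is deliberate rather than a copy-paste. The configure options are outside this hunk; it is worth confirming there that the locks feature is still detected in a clean build root, since a missing header can silently disable it.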
@@ -286,7 +286,7 @@ for the directories. %prep %setup -q -%patch0 -p0 -b .defaultconf +%patch -P 0 -b .defaultconf %build autoreconf -if @@ -359,7 +359,7 @@ mkdir -p %{buildroot}%{_var}/lib/lighttpd/ %files %license COPYING %doc AUTHORS README -%doc config/ doc/scripts/rrdtool-graph.sh +%doc config/ doc/scripts/cert-staple.sh doc/scripts/rrdtool-graph.sh %config(noreplace) %{_sysconfdir}/lighttpd/*.conf %config(noreplace) %{_sysconfdir}/lighttpd/conf.d/*.conf %exclude %{_sysconfdir}/lighttpd/conf.d/deflate.conf @@ -394,7 +394,7 @@ mkdir -p %{buildroot}%{_var}/lib/lighttpd/ %{_mandir}/man8/lighttpd*8* %files fastcgi -%doc doc/outdated/fastcgi*.txt doc/scripts/spawn-php.sh +%doc doc/outdated/fastcgi*.txt %config(noreplace) %{_sysconfdir}/php.d/lighttpd.ini %config(noreplace) %{_sysconfdir}/lighttpd/conf.d/fastcgi.conf @@ -518,6 +518,15 @@ mkdir -p %{buildroot}%{_var}/lib/lighttpd/ %attr(0700, lighttpd, lighttpd) %dir %{webroot}/ %changelog +* Tue Jan 14 2025 yaoxin <1024769339@qq.com> - 1.4.77-1 +- Update to 1.4.77: + * stronger TLS defaults: MinProtocol TLSv1.3; experimental TLS ECH support + * lighttpd TLS defaults: MinProtocol TLSv1.3 Other configurations are still supported, but are + not the default. Previous default: MinProtocol TLSv1.2 Current default: MinProtocol TLSv1.3 + * lighttpd TLS defaults now limit TLSv1.3 Groups to the IANA “Recommended” set: “X25519:P-256:P-384:X448” + (https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8) Configure + Groups/Curves using ssl.openssl.ssl-conf-cmd += (“Groups” => “…”) + * Fri Oct 27 2023 liyanan - 1.4.72-1 - Update to 1.4.72
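Review bot: In the `@@ -286,7 +286,7 @@` hunk, `%patch -P 0 -b .defaultconf` drops the strip level that the old `%patch0 -p0` stated explicitly. The patch's paths (`doc/config/lighttpd.annotated.conf`) are relative to the source root and only apply at level 0. I believe rpm falls back to `-p0` when the option is omitted, but that relies on a default; spelling it out keeps the patch step unambiguous: `%patch -P 0 -p0 -b .defaultconf`.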