diff --git a/boring-nginx/Dockerfile b/boring-nginx/Dockerfile
index a56b441..a676c36 100644
--- a/boring-nginx/Dockerfile
+++ b/boring-nginx/Dockerfile
@@ -85,8 +85,6 @@ RUN NB_CORES=${BUILD_CORES-$(getconf _NPROCESSORS_CONF)} \
 && if [ "${FINGERPRINT}" != "${GPG_NGINX}" ]; then echo "Warning! Wrong GPG fingerprint!" && exit 1; fi \
 && echo "All seems good, now unpacking ${NGINX_TARBALL}..." \
 && tar xzf ${NGINX_TARBALL} && cd nginx-${NGINX_VERSION} \
- && wget -q https://raw.githubusercontent.com/cujanovic/nginx-dynamic-tls-records-patch/master/nginx__dynamic_tls_records_1.13.0%2B.patch -O dynamic_records.patch \
- && patch -p1 < dynamic_records.patch \
 && ./configure \
 --prefix=/etc/nginx \
 --sbin-path=/usr/sbin/nginx \
diff --git a/boring-nginx/tls13.patch b/boring-nginx/tls13.patch
deleted file mode 100644
index cc0d728..0000000
--- a/boring-nginx/tls13.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From cfc32a1e540e4f542egggd3008 Mon Sep 17 00:00:00 2001
-From: Buik / Bassie
-Date: Tue, 09 Apr 2018 12:55:23 +0800
-
-Subject: [PATCH] Enable TLS 1.3 on BoringSSL
-
-Enable TLS 1.3 on BoringSSL.
-Tested on Nginx 1.13.11 with BoringSSL chromium-stable and BoringSSL master (git branch April 09 2018)
-
----
- s3_lib.cc | 2 +-
- ssl_test.cc | 4 ++--
- ssl_versions.cc | 2 +-
- 3 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/ssl/s3_lib.cc b/ssl/s3_lib.cc
-index a3fc8d7..b28bbc8 100644
---- a/ssl/s3_lib.cc
-+++ b/ssl/s3_lib.cc
-@@ -201,7 +201,7 @@ bool ssl3_new(SSL *ssl) {
- // TODO(davidben): Move this field into |s3|, have it store the normalized
- // protocol version, and implement this pre-negotiation quirk in |SSL_version|
- // at the API boundary rather than in internal state.
-- ssl->version = TLS1_2_VERSION;
-+ ssl->version = TLS1_3_VERSION;
- return true;
- }
-
-diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
-index 12f044c..cfc4af1 100644
---- a/ssl/ssl_test.cc
-+++ b/ssl/ssl_test.cc
-@@ -2607,7 +2607,7 @@ TEST(SSLTest, SetVersion) {
-
- // Zero is the default version.
- EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
-- EXPECT_EQ(TLS1_2_VERSION, ctx->conf_max_version);
-+ EXPECT_EQ(TLS1_3_VERSION, ctx->conf_max_version);
- EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
- EXPECT_EQ(TLS1_VERSION, ctx->conf_min_version);
-
-@@ -2640,7 +2640,7 @@ TEST(SSLTest, SetVersion) {
- EXPECT_FALSE(SSL_CTX_set_min_proto_version(ctx.get(), 0x1234));
-
- EXPECT_TRUE(SSL_CTX_set_max_proto_version(ctx.get(), 0));
-- EXPECT_EQ(TLS1_2_VERSION, ctx->conf_max_version);
-+ EXPECT_EQ(TLS1_3_VERSION, ctx->conf_max_version);
- EXPECT_TRUE(SSL_CTX_set_min_proto_version(ctx.get(), 0));
- EXPECT_EQ(TLS1_1_VERSION, ctx->conf_min_version);
- }
-diff --git a/ssl/ssl_versions.cc b/ssl/ssl_versions.cc
-index 73ea26f..da10cb2 100644
---- a/ssl/ssl_versions.cc
-+++ b/ssl/ssl_versions.cc
-@@ -189,7 +189,7 @@ static bool set_max_version(const SSL_PROTOCOL_METHOD *method, uint16_t *out,
- uint16_t version) {
- // Zero is interpreted as the default maximum version.
- if (version == 0) {
-- *out = TLS1_2_VERSION;
-+ *out = TLS1_3_VERSION;
- return true;
- }
-