diff --git a/component/python-2.7/buildout.cfg b/component/python-2.7/buildout.cfg
index b0743db365bf4afe497f24c69205839e778c4707..29958b966ea70afb34b0321f23c517178ee344f9 100644
--- a/component/python-2.7/buildout.cfg
+++ b/component/python-2.7/buildout.cfg
@@ -27,9 +27,9 @@ python = python2.7
 
 [python2.7]
 recipe = slapos.recipe.cmmi
-package_version = 2.7.8
+package_version = 2.7.9
 package_version_suffix =
-md5sum = d235bdfa75b8396942e360a70487ee00
+md5sum = 38d530f7efc373d64a8fb1637e3baaa7
 
 # This is actually the default setting for prefix, but we can't use it in
 # other settings in this part if we don't set it explicitly here.
@@ -39,8 +39,6 @@ executable = ${:prefix}/bin/python${:version}
 
 patch-options = -p1
 patches =
-  ${:_profile_base_location_}/tls_sni.patch#c95af105e6e96aaa58a50137595872a0
-  ${:_profile_base_location_}/tls_sni_httplib.patch#5c9d00d23b85169df792a936a056cbcc
   ${:_profile_base_location_}/fix_compiler_module_issue_20613.patch#94443a77f903e9de880a029967fa6aa7
 url =
   http://python.org/ftp/python/${:package_version}/Python-${:package_version}${:package_version_suffix}.tar.xz
diff --git a/component/python-2.7/tls_sni.patch b/component/python-2.7/tls_sni.patch
deleted file mode 100644
index 04f5a3fc3f14b0fd360e073565ffe8bce50d4034..0000000000000000000000000000000000000000
--- a/component/python-2.7/tls_sni.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-Description: Support TLS SNI extension in ssl module
-Author: markk
-Bug-Python: http://bugs.python.org/issue5639
-
---- a/Lib/ssl.py
-+++ b/Lib/ssl.py
-@@ -202,6 +202,7 @@
-     def __init__(self, sock, keyfile=None, certfile=None,
-                  server_side=False, cert_reqs=CERT_NONE,
-                  ssl_version=PROTOCOL_SSLv23, ca_certs=None,
-+                 server_hostname=None,
-                  do_handshake_on_connect=True,
-                  suppress_ragged_eofs=True, ciphers=None):
-         # Can't use sock.type as other flags (such as SOCK_NONBLOCK) get
-@@ -238,6 +239,7 @@
-             self._sslobj = _ssl.sslwrap(self._sock, server_side,
-                                         keyfile, certfile,
-                                         cert_reqs, ssl_version, ca_certs,
-+                                        server_hostname,
-                                         ciphers)
-             if do_handshake_on_connect:
-                 self.do_handshake()
-@@ -246,6 +248,7 @@
-         self.cert_reqs = cert_reqs
-         self.ssl_version = ssl_version
-         self.ca_certs = ca_certs
-+        self.server_hostname = server_hostname
-         self.ciphers = ciphers
-         self.do_handshake_on_connect = do_handshake_on_connect
-         self.suppress_ragged_eofs = suppress_ragged_eofs
-@@ -411,7 +414,7 @@
-             raise ValueError("attempt to connect already-connected SSLSocket!")
-         self._sslobj = _ssl.sslwrap(self._sock, False, self.keyfile, self.certfile,
-                                     self.cert_reqs, self.ssl_version,
--                                    self.ca_certs, self.ciphers)
-+                                    self.ca_certs, self.server_hostname, self.ciphers)
-         try:
-             if return_errno:
-                 rc = socket.connect_ex(self, addr)
-@@ -452,6 +455,7 @@
-                               cert_reqs=self.cert_reqs,
-                               ssl_version=self.ssl_version,
-                               ca_certs=self.ca_certs,
-+                              server_hostname=None,
-                               ciphers=self.ciphers,
-                               do_handshake_on_connect=self.do_handshake_on_connect,
-                               suppress_ragged_eofs=self.suppress_ragged_eofs),
-@@ -566,7 +570,7 @@
-         sock = sock._sock
- 
-     ssl_sock = _ssl.sslwrap(sock, 0, keyfile, certfile, CERT_NONE,
--                            PROTOCOL_SSLv23, None)
-+                            PROTOCOL_SSLv23, None, None, None)
-     try:
-         sock.getpeername()
-     except socket_error:
---- a/Modules/_ssl.c
-+++ b/Modules/_ssl.c
-@@ -267,7 +267,7 @@
-                enum py_ssl_server_or_client socket_type,
-                enum py_ssl_cert_requirements certreq,
-                enum py_ssl_version proto_version,
--               char *cacerts_file, char *ciphers)
-+               char *cacerts_file, char *server_hostname, char *ciphers)
- {
-     PySSLObject *self;
-     char *errstr = NULL;
-@@ -389,6 +389,14 @@
- 
-     PySSL_BEGIN_ALLOW_THREADS
-     self->ssl = SSL_new(self->ctx); /* New ssl struct */
-+#if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT)
-+    /* If SNI isn't supported, we just don't call it and fail silently,
-+     * as there's not much else we can do.
-+     */
-+    if ((socket_type == PY_SSL_CLIENT) &&
-+             (proto_version != PY_SSL_VERSION_SSL2) && server_hostname)
-+        SSL_set_tlsext_host_name(self->ssl, server_hostname);
-+#endif
-     PySSL_END_ALLOW_THREADS
-     SSL_set_fd(self->ssl, Sock->sock_fd);       /* Set the socket for SSL */
- #ifdef SSL_MODE_AUTO_RETRY
-@@ -431,15 +439,16 @@
-     char *key_file = NULL;
-     char *cert_file = NULL;
-     char *cacerts_file = NULL;
-+    char *server_hostname = NULL;
-     char *ciphers = NULL;
- 
--    if (!PyArg_ParseTuple(args, "O!i|zziizz:sslwrap",
-+    if (!PyArg_ParseTuple(args, "O!i|zziizzz:sslwrap",
-                           PySocketModule.Sock_Type,
-                           &Sock,
-                           &server_side,
-                           &key_file, &cert_file,
-                           &verification_mode, &protocol,
--                          &cacerts_file, &ciphers))
-+                          &cacerts_file, &server_hostname, &ciphers))
-         return NULL;
- 
-     /*
-@@ -452,13 +461,13 @@
- 
-     return (PyObject *) newPySSLObject(Sock, key_file, cert_file,
-                                        server_side, verification_mode,
--                                       protocol, cacerts_file,
-+                                       protocol, cacerts_file, server_hostname,
-                                        ciphers);
- }
- 
- PyDoc_STRVAR(ssl_doc,
- "sslwrap(socket, server_side, [keyfile, certfile, certs_mode, protocol,\n"
--"                              cacertsfile, ciphers]) -> sslobject");
-+"                              cacertsfile, ciphers, server_hostname]) -> sslobject");
- 
- /* SSL object methods */
- 
diff --git a/component/python-2.7/tls_sni_httplib.patch b/component/python-2.7/tls_sni_httplib.patch
deleted file mode 100644
index 260f32850716783936c29e8dbf236746b4cd540f..0000000000000000000000000000000000000000
--- a/component/python-2.7/tls_sni_httplib.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Author: Arnaud Fontaine <arnaud.fontaine@nexedi.com>
-Description: Enable TLS SNI support for httplib
-
---- a/Lib/httplib.py	2014-07-31 14:50:21.178088529 +0900
-+++ b/Lib/httplib.py	2014-07-31 20:11:09.279081382 +0900
-@@ -1195,7 +1195,12 @@
-             if self._tunnel_host:
-                 self.sock = sock
-                 self._tunnel()
--            self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)
-+                server_hostname = self._tunnel_host
-+            else:
-+                server_hostname = self.host
-+
-+            self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file,
-+                                        server_hostname=server_hostname)
- 
-     __all__.append("HTTPSConnection")
- 
---- a/Lib/ssl.py	2014-07-31 19:33:21.911968158 +0900
-+++ b/Lib/ssl.py	2014-07-31 19:33:57.428391985 +0900
-@@ -481,14 +481,15 @@
-                 server_side=False, cert_reqs=CERT_NONE,
-                 ssl_version=PROTOCOL_SSLv23, ca_certs=None,
-                 do_handshake_on_connect=True,
--                suppress_ragged_eofs=True, ciphers=None):
-+                suppress_ragged_eofs=True, ciphers=None,
-+                server_hostname=None):
- 
-     return SSLSocket(sock, keyfile=keyfile, certfile=certfile,
-                      server_side=server_side, cert_reqs=cert_reqs,
-                      ssl_version=ssl_version, ca_certs=ca_certs,
-                      do_handshake_on_connect=do_handshake_on_connect,
-                      suppress_ragged_eofs=suppress_ragged_eofs,
--                     ciphers=ciphers)
-+                     ciphers=ciphers, server_hostname=server_hostname)
- 
- 
- # some utility functions