diff --git a/0011-curl-7.24.0-9d0af301.patch b/0011-curl-7.24.0-9d0af301.patch
new file mode 100644
index 0000000..5276cd1
--- /dev/null
+++ b/0011-curl-7.24.0-9d0af301.patch
@@ -0,0 +1,95 @@
+From e1c165274e09ecc0b92f5f1eaf8c953522df6978 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka
+Date: Tue, 5 Mar 2013 17:51:01 +0100
+Subject: [PATCH 1/2] nss: fix misplaced code enabling non-blocking socket mode
+
+The option needs to be set on the SSL socket. Setting it on the model
+takes no effect. Note that the non-blocking mode is still not enabled
+for the handshake because the code is not yet ready for that.
+
+[upstream commit 9d0af3018c5db25f5adda216dbcad6056b4a3107]
+---
+ lib/nss.c | 12 ++++++------
+ 1 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/lib/nss.c b/lib/nss.c
+index ff3afd5..d57ac1a 100644
+--- a/lib/nss.c
++++ b/lib/nss.c
+@@ -1218,12 +1218,6 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+ goto error;
+ model = SSL_ImportFD(NULL, model);
+
+- /* make the socket nonblocking */
+- sock_opt.option = PR_SockOpt_Nonblocking;
+- sock_opt.value.non_blocking = PR_TRUE;
+- if(PR_SetSocketOption(model, &sock_opt) != PR_SUCCESS)
+- goto error;
+-
+ if(SSL_OptionSet(model, SSL_SECURITY, PR_TRUE) != SECSuccess)
+ goto error;
+ if(SSL_OptionSet(model, SSL_HANDSHAKE_AS_SERVER, PR_FALSE) != SECSuccess)
+@@ -1385,6 +1379,12 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
+ goto error;
+ }
+
++ /* switch the SSL socket into non-blocking mode */
++ sock_opt.option = PR_SockOpt_Nonblocking;
++ sock_opt.value.non_blocking = PR_TRUE;
++ if(PR_SetSocketOption(connssl->handle, &sock_opt) != PR_SUCCESS)
++ goto error;
++
+ connssl->state = ssl_connection_complete;
+ conn->recv[sockindex] = nss_recv;
+ conn->send[sockindex] = nss_send;
+--
+1.7.1
+
+
+From 80f5359c64efac416dd9ca3e26a333e27fc12ea0 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg
+Date: Tue, 7 May 2013 23:30:52 +0200
+Subject: [PATCH 2/2] nss: give PR_INTERVAL_NO_WAIT instead of -1 to PR_Recv/PR_Send
+
+Reported by: David Strauss
+Bug: http://curl.haxx.se/mail/lib-2013-05/0088.html
+
+[upstream commit 01a2abedd7e3a2075de70979003302313570c58c]
+
+Signed-off-by: Kamil Dudka
+---
+ lib/nss.c | 11 ++++-------
+ 1 files changed, 4 insertions(+), 7 deletions(-)
+
+diff --git a/lib/nss.c b/lib/nss.c
+index d57ac1a..71b4ad7 100644
+--- a/lib/nss.c
++++ b/lib/nss.c
+@@ -1449,10 +1449,8 @@ static ssize_t nss_send(struct connectdata *conn, /* connection data */
+ size_t len, /* amount to write */
+ CURLcode *curlcode)
+ {
+- int rc;
+-
+- rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0, -1);
+-
++ ssize_t rc = PR_Send(conn->ssl[sockindex].handle, mem, (int)len, 0,
++ PR_INTERVAL_NO_WAIT);
+ if(rc < 0) {
+ PRInt32 err = PR_GetError();
+ if(err == PR_WOULD_BLOCK_ERROR)
+@@ -1480,9 +1478,8 @@ static ssize_t nss_recv(struct connectdata * conn, /* connection data */
+ size_t buffersize, /* max amount to read */
+ CURLcode *curlcode)
+ {
+- ssize_t nread;
+-
+- nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0, -1);
++ ssize_t nread = PR_Recv(conn->ssl[num].handle, buf, (int)buffersize, 0,
++ PR_INTERVAL_NO_WAIT);
+ if(nread < 0) {
+ /* failed SSL read */
+ PRInt32 err = PR_GetError();
+--
+1.7.1
+
diff --git a/curl.spec b/curl.spec
index 20c48de..6922763 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.24.0
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
@@ -38,6 +38,9 @@ Patch9: 0009-curl-7.24.0-25e577b3.patch
 # prevent an artificial timeout event due to stale speed-check data (#906031)
 Patch10: 0010-curl-7.24.0-b37b5233.patch
+# switch SSL socket into non-blocking mode after handshake (#960765)
+Patch11: 0011-curl-7.24.0-9d0af301.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.21.1-multilib.patch
@@ -147,6 +150,7 @@ done
 %patch8 -p1
 %patch9 -p1
 %patch10 -p1
+%patch11 -p1
 # Fedora patches
 %patch101 -p1
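Review bot: In the nss_send and nss_recv hunks of the added 0011 patch, `PR_INTERVAL_NO_WAIT` is only correct because the first patch in the same file switches `connssl->handle` to non-blocking mode, and nothing at the two call sites records that dependency. The visible error branch maps only `PR_WOULD_BLOCK_ERROR` to a retry, so a handle that reached these calls still in blocking mode would presumably report a timeout error instead and be treated as a hard failure; the rest of that branch is outside the hunk, so this should be confirmed against the full function. I would add a comment above each call such as `/* handle was made non-blocking in Curl_nss_connect(); NO_WAIT relies on that */`. Separately, `(int)len` and `(int)buffersize` narrow a `size_t` without a bound, so a length above `INT_MAX` would reach NSPR as a wrong or negative amount; clamping the value before the cast would make the limit explicit. Both function bodies start and end outside the hunks shown.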
@@ -260,6 +264,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4
 %changelog
+* Thu May 09 2013 Kamil Dudka 7.24.0-9
+- switch SSL socket into non-blocking mode after handshake (#960765)
+
 * Fri Apr 26 2013 Kamil Dudka 7.24.0-8
 - prevent an artificial timeout event due to stale speed-check data (#906031)
 - show proper host name on failed resolve (#957173)