Red Hat have an update available for their affected 6.7 release: https://rhn.redhat.com/errata/RHBA-2015-1829.html If you're running CentOS 6.7, you're likely out of luck until 6.8 becomes available: https://bugs.centos.org/view.php?id=9295 (That bug report has seemingly been ignored.) As this is making a lot of noise with Android 6.0 (Marshmallow), please consider releasing a 3.x and discretionary, under protest 2.x release sooner rather than later to close the loop of known possible issues: https://code.google.com/p/android/issues/detail?id=188867 https://code.google.com/p/android-developer-preview/issues/detail?id=2136 I agree that there aren't likely to be many sites using OpenSSL 1.0.2 at this point in time, worth nipping in the bud though.