Well, perhaps this wasn't a Perl problem, but there's a Perl solution (of course!)

There appears to be a problem with OpenSSL 1.0.1 where attempting to autonegotiate with TLS1.1 (or 1.2???) with some servers causes those servers to drop the connection and reject the request. See:

https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/965371
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=665452

According to the bug ticket, they say it is "fixed" for Paypal in Debian OpenSSL 1.0.1b, but I'm running 1.0.1c-3 and still experience the problem. I don't know if that means it's fixed for www.paypal.com but not payflowpro.paypal.com, or what.

SOLUTION: Setting $ENV{HTTPS_VERSION} = 3; to force SSL3 seems to fix the problem, at least for Crypt::SSLeay.

Presumably this works because it does not attempt to negotiate TLS1.1, and just uses SSL3.

Testing with openssl s_client, it works with the options -ssl3, -tls1, and -no_tls1, so it must be a negotiation problem, in my opinion.

Anyway, that's a workaround, at least.

Different problem, but same solution: http://www.perlmonks.org/?node_id=746493