What version of Perl are you running and more specifically, are you using Crypt-SSLeay? The output generated by setting the environment variable seems to be an option of Crypt-SSLeay. In my version of Perl I am not using this module but IO::Socket::SSL which has a debug option as well

So I ran the following tests acivating debug for IO::Socket::SSL and setting SSL_version explicitly. It shows that SSLv3 is not supported.

use strict ;
use warnings ;
use IO::Socket::SSL qw(debug4);
use LWP::UserAgent ;
# my $ua = new LWP::UserAgent( ssl_opts => { verify_hostname => 0, SSL
+_version => 'TLSv1_1' } ); # Runs OK
my $ua = new LWP::UserAgent( ssl_opts => { verify_hostname => 0, SSL_v
+ersion => 'SSLv3' } ); # Fails
my $response = $ua->get( "https://www.google.com/" ) ;
if ( $response->is_success ) {
  # print $response->as_string;
} else {
  print "Something went wrong\n";
}
__END__
DEBUG:
.../IO/Socket/SSL.pm:598: global error: SSL Version SSLv3 not supporte
+d
Something went wrong
[download]

Further reading here: Crypt-SSLeay:

DO YOU NEED Crypt::SSLeay? ^ Starting with version 6.02 of LWP, https support was unbundled into LWP::Protocol::https. This module specifies as one of its prerequisites IO::Socket::SSL which is automatically used by LWP::UserAgent unless this preference is overridden separately. IO::Socket::SSL is a more complete implementation, and, crucially, it allows hostname verification. Crypt::SSLeay does not support this. At this point, Crypt::SSLeay is maintained to support existing software that already depends on it. However, it is possible that your software does not really depend on Crypt::SSLeay, only on the ability of LWP::UserAgent class to communicate with sites over SSL/TLS.

It's a very old system, I have:
perl v 5.8.8
Crypt::SSLeay 0.51
LWP::UserAgent 2.033
OpenSSL 0.9.8e

I am wary of major upgrades because every time I've done a big upgrade, I run into bugs in the upgrade software that cause some type of serious damage that takes hours or sometimes days to fix. (By "bugs" I don't mean crashes; I mean messages where I do exactly what the message tells me to do; but it turns out the message *really* meant something else, and "everybody knows" that you're supposed to do the other thing, instead of what the message actually tells you to do, but I follow the directions literally and end up backed into some catastrophic problem.)

However, regardless of whether or not I "should" upgrade, the original question remains: if www.google.com does not support SSLv3, why do the output debug messages keep referring to SSLv3? The repro without perl:

openssl s_client -connect www.google.com:443 -state | grep -i "ssl"

shows:

SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=1 /C=US/O=Google Trust Services/CN=Google Internet Authority G3
verify error:num=20:unable to get local issuer certificate
verify return:0
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
SSL handshake has read 2450 bytes and written 447 bytes
New, TLSv1/SSLv3, Cipher is AES128-SHA
SSL-Session:

I see the line "TLSv1/SSLv3" and I've heard that TLS uses SSL certificates, so maybe these are the debug messages that you get when you are using TLS with SSLv3 certs. Is that probably it?

-

I know perlbrew only from hearsay, but think it could help you avoiding upgrade woes while getting benefits of newer versions.

OK yes I get the same results as you do, so that's a repro without using Perl.

I've heard that "TLS uses SSL certificates" (e.g. https://learntomato.com/what-is-a-vpn/ ). Although I'm not clear on the mechanics, is that what's going on -- TLS is a different protocol but it uses the public/private keys baked into SSLv3 certificates, and when the debug messages refer to "SSLv3", that's what they're referring to?

As far as I know, they're using the same cipher suites.
Why the debug messages refer to SSlv3 although TLS is used for the connection, no clue, sorry.

What I mean is that I assume SSL v3 has been disabled on www.google.com, since that's what diagnostic tools like https://sslanalyzer.comodoca.com/?url=www.google.com are reporting.

Is a proxy being used?