diff --git a/IO-Socket-SSL-2.016.tar.gz b/IO-Socket-SSL-2.016.tar.gz
deleted file mode 100644
index 3bc8fbd..0000000
--- a/IO-Socket-SSL-2.016.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:936268b3c152a4900f9c1762ab2e0aa3f84ed3a988e8e60aaad604beda7bfe41
-size 195529
diff --git a/IO-Socket-SSL-2.024.tar.gz b/IO-Socket-SSL-2.024.tar.gz
new file mode 100644
index 0000000..c442deb
--- /dev/null
+++ b/IO-Socket-SSL-2.024.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dab3125b004b24ff8dfc003aa81c00c0f976a1bc34a75e1d8d9de9de837ce6c9
+size 209567
diff --git a/perl-IO-Socket-SSL.changes b/perl-IO-Socket-SSL.changes
index 074b732..46ff555 100644
--- a/perl-IO-Socket-SSL.changes
+++ b/perl-IO-Socket-SSL.changes
@@ -1,3 +1,57 @@
+-------------------------------------------------------------------
+Fri Mar 11 10:14:57 UTC 2016 - coolo@suse.com
+
+- updated to 2.024
+   see /usr/share/doc/packages/perl-IO-Socket-SSL/Changes
+
+  2.024 2016/02/06
+  - Work around issue where the connect fails on systems having only a loopback
+    interface and where IO::Socket::IP is used as super class (default when
+    available). Since IO::Socket::IP sets AI_ADDRCONFIG by default connect to
+    localhost would fail on this systems. This happened at least for the tests,
+    see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=813796
+    Workaround is to explicitely set GetAddrInfoFlags to 0 if no GetAddrInfoFlags
+    is set but the Family/Domain is given. In this case AI_ADDRCONFIG would not
+    be useful anyway but would cause at most harm.
+  2.023 2016/01/30
+  - OpenSSL 1.0.2f changed the behavior of SSL shutdown in case the TLS connection
+    was not fully established (commit: f73c737c7ac908c5d6407c419769123392a3b0a9).
+    This somehow resulted in Net::SSLeay::shutdown returning 0 (i.e. keep trying)
+    which caused an endless loop. It will now ignore this result in case the TLS
+    connection was not yet established and consider the TLS connection closed
+    instead.
+  2.022 2015/12/10
+  - fix stringification of IPv6 inside subjectAltNames in Utils::CERT_asHash.
+    Thanks to Mark.Martinec[AT]ijs[DOT]si for reporting in #110253
+  2.021 2015/12/02
+  - Fixes for documentation and typos thanks to DavsX and jwilk.
+  - Update PublicSuffx with latest version from publicsuffix.org
+  2.020 2015/09/20
+  - support multiple directories in SSL_ca_path as proposed in RT#106711
+    by dr1027[AT]evocat[DOT]ne. Directories can be given as array or as string
+    with a path separator, see documentation.
+  - typos fixed thanks to jwilk https://github.com/noxxi/p5-io-socket-ssl/pull/34
+  2.019 2015/09/01
+  - work around different behavior of getnameinfo from Socket and Socket6 by
+    using a different wrapper depending on which module I use for IPv6.
+    Thanks to bluhm for reporting.
+  2.018 2015/08/27
+  - RT#106687 - startssl.t failed on darwin with old openssl since server 
+    requested client certificate but offered also anon ciphers
+  2.017 2015/08/24
+  - checks for readability of files/dirs for certificates and CA no longer use
+    -r because this is not safe when ACLs are used. Thanks to BBYRD, RT#106295
+  - new method sock_certificate similar to peer_certificate based on idea of
+    Paul Evans, RT#105733
+  - get_fingerprint can now take optional certificate as argument and compute
+    the fingerprint of it. Useful in connection with sock_certificate.
+  - check for both EWOULDBLOCK and EAGAIN since these codes are different on
+    some platforms. Thanks to Andy Grundman, RT#106573
+  - enforce default verification scheme if none was specified, i.e. no longer
+    just warn but accept. If really no verification is wanted a scheme of 
+    'none' must be explicitly specified.
+  - support different cipher suites per SNI hosts
+
 -------------------------------------------------------------------
 Tue Jul  7 18:54:46 UTC 2015 - coolo@suse.com
 
diff --git a/perl-IO-Socket-SSL.spec b/perl-IO-Socket-SSL.spec
index a8a0b2c..6695ece 100644
--- a/perl-IO-Socket-SSL.spec
+++ b/perl-IO-Socket-SSL.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package perl-IO-Socket-SSL
 #
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           perl-IO-Socket-SSL
-Version:        2.016
+Version:        2.024
 Release:        0
 %define cpan_name IO-Socket-SSL
 Summary:        Nearly transparent SSL encapsulation for IO::Socket::INET
@@ -27,7 +27,6 @@ Url:            http://search.cpan.org/dist/IO-Socket-SSL/
 Source0:        http://www.cpan.org/authors/id/S/SU/SULLR/%{cpan_name}-%{version}.tar.gz
 Source1:        cpanspec.yml
 Patch0:         perl-IO-Socket-SSL_add_DHE-RSA_to_default_client_cipher_list.patch
-Patch1:         perl-IO-Socket-SSL_fix_offline.patch
 BuildArch:      noarch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  perl
@@ -38,10 +37,10 @@ Requires:       perl(Net::SSLeay) >= 1.46
 
 %description
 IO::Socket::SSL makes using SSL/TLS much easier by wrapping the necessary
-functionality into the familiar the IO::Socket manpage interface and
-providing secure defaults whenever possible. This way, existing
-applications can be made SSL-aware without much effort, at least if you do
-blocking I/O and don't use select or poll.
+functionality into the familiar IO::Socket interface and providing secure
+defaults whenever possible. This way, existing applications can be made
+SSL-aware without much effort, at least if you do blocking I/O and don't
+use select or poll.
 
 But, under the hood, SSL is a complex beast. So there are lots of methods
 to make it do what you need if the default behavior is not adequate.
@@ -51,36 +50,34 @@ documentation carefully.
 
 The documentation consists of the following parts:
 
-* * the /"Essential Information About SSL/TLS" manpage
+* * "Essential Information About SSL/TLS"
 
-* * the /"Basic SSL Client" manpage
+* * "Basic SSL Client"
 
-* * the /"Basic SSL Server" manpage
+* * "Basic SSL Server"
 
-* * the /"Common Usage Errors" manpage
+* * "Common Usage Errors"
 
-* * the /"Common Problems with SSL" manpage
+* * "Common Problems with SSL"
 
-* * the /"Using Non-Blocking Sockets" manpage
+* * "Using Non-Blocking Sockets"
 
-* * the /"Advanced Usage" manpage
+* * "Advanced Usage"
 
-* * the /"Integration Into Own Modules" manpage
+* * "Integration Into Own Modules"
 
-* * the /"Description Of Methods" manpage
+* * "Description Of Methods"
 
 Additional documentation can be found in
 
-* * the IO::Socket::SSL::Intercept manpage - Doing Man-In-The-Middle with
-  SSL
+* * IO::Socket::SSL::Intercept - Doing Man-In-The-Middle with SSL
 
-* * the IO::Socket::SSL::Utils manpage - Useful functions for certificates
-  etc
+* * IO::Socket::SSL::Utils - Useful functions for certificates etc
 
 %prep
 %setup -q -n %{cpan_name}-%{version}
+find . -type f ! -name \*.pl -print0 | xargs -0 chmod 644
 %patch0 -p1
-%patch1 -p1
 
 %build
 %{__perl} Makefile.PL INSTALLDIRS=vendor