diff --git a/0067-curl-7.61.1-ntlm-force-http-1-1.patch b/0067-curl-7.61.1-ntlm-force-http-1-1.patch
new file mode 100644
index 0000000..2ddace4
--- /dev/null
+++ b/0067-curl-7.61.1-ntlm-force-http-1-1.patch
@@ -0,0 +1,42 @@
+From cbea2fd2c74feabeb6f13b3e3df243b225b3b3ab Mon Sep 17 00:00:00 2001
+From: Johannes Schindelin <johannes.schindelin@gmx.de>
+Date: Thu, 6 Dec 2018 17:26:13 +0100
+Subject: [PATCH] NTLM: force the connection to HTTP/1.1
+
+Since v7.62.0, cURL tries to use HTTP/2 whenever the server announces
+the capability. However, NTLM authentication only works with HTTP/1.1,
+and will likely remain in that boat (for details, see
+https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis#when-is-http2-not-supported).
+
+When we just found out that we want to use NTLM, and when the current
+connection runs in HTTP/2 mode, let's force the connection to be closed
+and to be re-opened using HTTP/1.1.
+
+Fixes https://github.com/curl/curl/issues/3341.
+Closes #3345
+
+Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
+---
+ lib/http.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/lib/http.c b/lib/http.c
+index aed7aa80f..7be6f8b92 100644
+--- a/lib/http.c
++++ b/lib/http.c
+@@ -526,6 +526,12 @@ CURLcode Curl_http_auth_act(struct connectdata *conn)
+     pickhost = pickoneauth(&data->state.authhost, authmask);
+     if(!pickhost)
+       data->state.authproblem = TRUE;
++    if(data->state.authhost.picked == CURLAUTH_NTLM &&
++       conn->httpversion > 11) {
++      infof(data, "Forcing HTTP/1.1 for NTLM");
++      connclose(conn, "Force HTTP/1.1 connection");
++      conn->data->set.httpversion = CURL_HTTP_VERSION_1_1;
++    }
+   }
+   if(conn->bits.proxy_user_passwd &&
+      ((data->req.httpcode == 407) ||
+-- 
+2.50.0
+
diff --git a/curl.spec b/curl.spec
index 8e8c13f..0718243 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,7 +1,7 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.61.1
-Release: 34%{?dist}.7
+Release: 34%{?dist}.8
 License: MIT
 Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
 
@@ -193,6 +193,9 @@ Patch65:  0065-md5-hex-key.patch
 # crypto: ensure crypto initialization works
 Patch66:  0066-crypto-initialization.patch
 
+# NTLM: force the connection to HTTP/1.1
+Patch67:  0067-curl-7.61.1-ntlm-force-http-1-1.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch
 
@@ -432,6 +435,7 @@ git apply %{PATCH52}
 %patch -P 64 -p1
 %patch -P 65 -p1
 %patch -P 66 -p1
+%patch -P 67 -p1
 
 # make tests/*.py use Python 3
 sed -e '1 s|^#!/.*python|#!%{__python3}|' -i tests/*.py
@@ -594,6 +598,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
 
 %changelog
+* Mon Jul 21 2025 Jacek Migacz <jmigacz@redhat.com> - 7.61.1-34.el8_10.8
+- NTLM: force the connection to HTTP/1.1 (RHEL-73788)
+
 * Wed Jul 09 2025 Jacek Migacz <jmigacz@redhat.com> - 7.61.1-34.el8_10.7
 * crypto: ensure crypto initialization works (RHEL-102601)