diff --git a/pkgs/development/python-modules/boto-1.9-python-2.7.patch b/pkgs/development/python-modules/boto-1.9-python-2.7.patch
new file mode 100644
index 00000000000..79ff9a7e4af
--- /dev/null
+++ b/pkgs/development/python-modules/boto-1.9-python-2.7.patch
@@ -0,0 +1,19 @@
+Fix Boto 1.9 on Python 2.7.
+
+https://github.com/boto/boto/commit/6760075073c34d6dddb7e13b80dfa8d09f0f4f79
+
+diff --git a/boto/connection.py b/boto/connection.py
+index c5779e2..71942f1 100644
+--- a/boto/connection.py
++++ b/boto/connection.py
+@@ -252,8 +252,9 @@ class AWSAuthConnection(object):
+             # versions, it would append ":443" to the hostname sent
+             # in the Host header and so we needed to make sure we
+             # did the same when calculating the V2 signature.  In 2.6
++            # (and higher!)
+             # it no longer does that.  Hence, this kludge.
+-            if sys.version[:3] == "2.6" and port == 443:
++            if sys.version[:3] in ('2.6', '2.7') and port == 443:
+                 signature_host = self.host
+             else:
+                 signature_host = '%s:%d' % (self.host, port)
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 2ca2e261a17..3c1622847be 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -156,6 +156,8 @@ let pythonPackages = python.modules // rec {
       sha1 = "00a033b0a593c3ca82927867950f73d88b831155";
     };
 
+    patches = [ ../development/python-modules/boto-1.9-python-2.7.patch ];
+
     meta = {
       homepage = http://code.google.com/p/boto/;