It's not even true that open source SSL is a monoculture. There are two critically important open source TLS implementations, not one (NSS and OpenSSL), and that's not counting SecureTransport (Apple's open-source implementation).
I don't think there's a single part of your argument that really survives scrutiny. Your central point is false, as are its premises. To the extent that a large portion of the Internet uses one TLS implementation, that's often been as helpful as harmful. And the "monoculture" you're decrying is counterfeit: you seem to think OpenSSL is the only credible option, but Chromium and Firefox disagree with you.
Aren't two of the three implementations you're mentioning mainly used in clients though? Most Linux boxes are not used as clients, and so there is a monoculture of Linux server security.
You, rightly, mentioned NSS elsewhere, but do people actually use this on servers in any great number? I guess you could argue that Apache and Nginx shipping OpenSSL as the default option for https is the problem, in which case shouldn't we change that, or is there something else about OpenSSL that prevents people from using NSS?
NSS implements both the client and server side of TLS. And OpenSSL and NSS aren't the only options; if X.509 bugs are more your style, you could try PolarSSL or MatrixSSL:
Fill in the blank: 50% of the things being compromised is ______% as bad as all the things being compromised.
Sometimes a partial compromise is easy to deal with, and the number in the blank is way less than 50. Lots of diverse things is good.
Sometimes half the units being compromised is almost as bad as all the units being compromised. Lots of diverse things is a bad thing in this environment.
I don't think there's a single part of your argument that really survives scrutiny. Your central point is false, as are its premises. To the extent that a large portion of the Internet uses one TLS implementation, that's often been as helpful as harmful. And the "monoculture" you're decrying is counterfeit: you seem to think OpenSSL is the only credible option, but Chromium and Firefox disagree with you.