---
slug: "特定のwebサービスに、https(TLS1.2)で接続できない(固まる)場合"
title: "Cannot Connect to a Specific Web Service Using HTTPS (TLS 1.2) - Freezes"
description: "\n\n\nWhen attempting to communicate using TLS1.2 with a specific web server and OpenSSL versions 1.0.1a to 1.0.1f, OpenSSL may freeze."
url: "https://www.ytyng.com/en/blog/特定のwebサービスに、https(TLS1.2)で接続できない(固まる)場合"
publish_date: "2015-06-11T05:50:02Z"
created: "2015-06-11T05:50:02Z"
updated: "2026-02-26T20:39:08.883Z"
categories: ["Linux"]
keywords: ""
featured_image_url: "https://media.ytyng.com/resize/20230812/51d2e8f065f64b11a2ca1188d461fbac.png.webp?width=768"
has_video: false
has_music: false
video_urls: []
music_urls: []
lang: "en"
---

# Cannot Connect to a Specific Web Service Using HTTPS (TLS 1.2) - Freezes

<div class="document">


<p>When attempting to communicate using TLS1.2 with a specific web server and OpenSSL versions 1.0.1a to 1.0.1f, OpenSSL may freeze.</p>
<p>As of June 2015, OpenSSL 1.0.1f is the latest version available via apt for Ubuntu 14.04, Ubuntu 15.04, etc., and cannot be upgraded further through apt.</p>
<p>Here is the method to install the updated OpenSSL 1.0.1g.</p>
<div class="section" id="id1">
<h3>Status Before Installation</h3>
<p>OpenSSL Version</p>
<pre class="literal-block">$ openssl version
OpenSSL 1.0.1f 6 Jan 2014
</pre>
<p>SSL Connection Operation Test</p>
<pre class="literal-block">$ openssl s_client -connect hoge.example.com:443  # Placeholder site name
→ Freezes
</pre>
<p>Trying to connect while avoiding TLS1.2</p>
<pre class="literal-block">$ openssl s_client -connect home.example.com:443 -no_tls1_2
→ Connection successful
</pre>
</div>
<div class="section" id="id2">
<h3>Build &amp; Install</h3>
<pre class="literal-block">$ wget https://www.openssl.org/source/openssl-1.0.1g.tar.gz
$ tar -xzvf openssl-1.0.1g.tar.gz
$ cd openssl-1.0.1g
$ ./config
$ make
$ sudo make install_sw
$ sudo ln -sf /usr/local/ssl/bin/openssl \`which openssl\`
</pre>
<p>If you run make install here,</p>
<pre class="literal-block">cms.pod around line 457: Expected text after =item, not a number
cms.pod around line 461: Expected text after =item, not a number
cms.pod around line 465: Expected text after =item, not a number
cms.pod around line 470: Expected text after =item, not a number
cms.pod around line 474: Expected text after =item, not a number
POD document had syntax errors at /usr/bin/pod2man line 71.
make: *** [install_docs] Error 255
</pre>
<p>This causes the process to fail with errors. It appears to fail when building the man pages.
Therefore, use make install_sw, which does not build man pages.</p>
</div>
<div class="section" id="id3">
<h3>Operation Verification</h3>
<pre class="literal-block">$ openssl version
OpenSSL 1.0.1g 7 Apr 2014

$ openssl s_client -connect hoge.example.com:443
→ Connection successful!
</pre>
</div>
<div class="section" id="id4">
<h3>However</h3>
<p>This will upgrade OpenSSL, but if you need to update curl, PHP, Python, or other dependencies, you may need to rebuild them as well, which can be quite cumbersome.</p>
<p>If you encounter this bug with curl, PHP, or Python, it might be easier to modify those applications to avoid connecting with TLS1.2.</p>
<p>→ <a class="reference external" href="http://b.ytyng.com/a-62/">http://b.ytyng.com/a-62/</a>
How to avoid freezing sites when connecting with HTTPS using Curl, Python, PHP</p>
</div>
<div class="section" id="id5">
<h3>References</h3>
<p>How To Upgrade OpenSSL to 1.0.1g To Guard Against Heartbleed in Ubuntu ~ Bauer-Power Media
<a class="reference external" href="http://www.bauer-power.net/2014/05/how-to-upgrade-openssl-to-101g-to-guard.html#.VXaBpOdCLHM">http://www.bauer-power.net/2014/05/how-to-upgrade-openssl-to-101g-to-guard.html#.VXaBpOdCLHM</a></p>
<p>You might also consider installing with Linuxbrew</p>
<p>Recommendation of Linuxbrew - Qiita
<a class="reference external" href="http://qiita.com/thermes/items/926b478ff6e3758ecfea">http://qiita.com/thermes/items/926b478ff6e3758ecfea</a></p>
</div>
</div>