--- slug: "Curl,Python,PHPでHTTPS接続する際固まるサイトがあるので、TLS1.2を使わないようにする" title: "Avoid using TLS 1.2 for certain websites that freeze during HTTPS connections with Curl, Python, and PHP" description: "\n\n\nAs I wrote in this article http://b.ytyng.com/a-61/, when you make an HTTPS connection with OpenSSL 1.0.1f and attempt to connect using TLS1.2 by issuing a hello, certain sites may freeze in response." url: "https://www.ytyng.com/en/blog/Curl,Python,PHPでHTTPS接続する際固まるサイトがあるので、TLS1.2を使わないようにする" publish_date: "2015-06-11T06:28:25Z" created: "2015-06-11T06:28:25Z" updated: "2026-02-27T10:42:57.347Z" categories: ["Linux"] keywords: "" featured_image_url: "https://media.ytyng.com/resize/20230812/4e34fb5a2245414fad95d1a2ca59654e.png.webp?width=768" has_video: false has_music: false video_urls: [] music_urls: [] lang: "en" --- # Avoid using TLS 1.2 for certain websites that freeze during HTTPS connections with Curl, Python, and PHP

As I wrote in this article http://b.ytyng.com/a-61/, when you make an HTTPS connection with OpenSSL 1.0.1f and attempt to connect using TLS1.2 by issuing a hello, certain sites may freeze in response.

(OpenSSL 1.0.1f is the latest default version for Ubuntu 14.04, 15.04, etc. If you are using 1.0.1g, this issue might be resolved)

In such cases, you can avoid the issue by connecting without using TLS1.2.

Here’s how to avoid using TLS1.2 (forcing TLS1.0) with curl, Python, and PHP.

curl

$ curl -vv "https://hoge.example.com/"  # URL is hypothetical
* Hostname was NOT found in DNS cache
*   Trying xxx.xxx.xxx.xxx...
* Connected to hoge.example.com (xxx.xxx.xxx.xxx) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):

It freezes here

Not using TLS1.2 (forcing TLS1.0)

$ curl -vv "https://hoge.example.com/" --tlsv1.0

It doesn't freeze!

python3.4 + requests

# import requests
r = requests.get('https://hoge.example.com/')
It freezes!

↓ Not using TLS1.2 (forcing TLS1.0)

import requests

from requests.adapters import HTTPAdapter
from requests.packages.urllib3.poolmanager import PoolManager
import ssl

class MyAdapter(HTTPAdapter):
    def init_poolmanager(self, connections, maxsize, block=False):
        self.poolmanager = PoolManager(
            num_pools=connections,
            maxsize=maxsize,
            block=block,
            ssl_version=ssl.PROTOCOL_TLSv1)

s = requests.Session()
s.mount('https://', MyAdapter())

r = s.get("https://hoge.example.com/")
It doesn't freeze!

Reference:

Choosing The SSL Version In Python Requests • Lukasa's Echochamber https://lukasa.co.uk/2013/01/Choosing_SSL_Version_In_Requests/

PHP5.6

$html = file_get_contents('https://hoge.example.com/');
It freezes!

↓ Not using TLS1.2 (forcing TLS1.0)

$ctx = stream_context_create([
    'ssl' => [
        'crypto_method' => STREAM_CRYPTO_METHOD_TLSv1_0_CLIENT,
    ],
]);
$html = file_get_contents('https://hoge.example.com/', false, $ctx);
It doesn't freeze!

Reference:

PHP: Changes related to OpenSSL in PHP 5.6.x - Manual http://php.net/manual/ja/migration56.openssl.php