I would suggest using the OpenSSL client directly on the machine to rule out PHP & Curl:
openssl version -a
echo | openssl s_client -connect community.hostname.example:443 -servername community.hostname.example(The "-servername ..." flag is essential because we are rolling out a requirement that SNI is used for all HTTPS requests. Your community may already require SNI.)
If you see this working, the problem may be in your PHP + curl setup, or perhaps curl itself needs an update because there have been fixed bugs around TLS handshakes.
If it fails, the OpenSSL connect output should give you better information to diagnose the issue.
Aside: Even if the old OpenSSL is not the cause, I recommend trying to have a plan to upgrade as it is one of the more important pieces of maintenance -- security is a moving target and your versions have known vulnerabilities (famously, Heartbleed).
Thanks a lot, Andrew for explaining in detail.
