Problem with SSL-requests to api.wordpress.org from a specific subnet (?)

Hello,

currently I am experiencing problems reaching https://api.wordpress.org/ from some servers I have access to, that belong to the following subnet:

5.1.76.0/24

How did I find out about the problem? In the webservers logs, there appeared:

Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums. (WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.) in /var/www/page/wp-includes/update.php on line 130

cURL via HTTP/Port 80 seems fine:

curl http://api.wordpress.org/core/version-check/1.7/
{"offers":[{"response":"upgrade","download":"http:\/\/downloads.wordpress.org\/release\/wordpress-4.7.1.zip","locale":"en_US","packages":{"full":"http:\/\/downloads.wordpress.org\/release\/wordpress-4.7.1.zip","no_content":"http:\/\/downloads.wordpress.org\/release\/wordpress-4.7.1-no-content.zip","new_bundled":"http:\/\/downloads.wordpress.org\/release\/wordpress-4.7.1-new-bundled.zip","partial":false,"rollback":false},"current":"4.7.1","version":"4.7.1","php_version":"5.2.4","mysql_version":"5.0","new_bundled":"4.7","partial_version":false}],"translations":[],"ttl":7200}

cURL via HTTPS/Port 443 times out:

curl https://api.wordpress.org/core/version-check/1.7/

Now, it could be some kind of local problem (for example with ca-certificates). So lets use cURL with the “-k/–insecure”-option, which also times out:

curl -k https://api.wordpress.org/core/version-check/1.7/

Now lets switch machines to a completely different geographical location, different subnet (31.170.105.0/24) and different routing:

curl https://api.wordpress.org/core/version-check/1.7/
{"offers":[{"response":"upgrade","download":"https:\/\/downloads.wordpress.org\/release\/wordpress-4.7.1.zip","locale":"en_US","packages":{"full":"https:\/\/downloads.wordpress.org\/release\/wordpress-4.7.1.zip","no_content":"https:\/\/downloads.wordpress.org\/release\/wordpress-4.7.1-no-content.zip","new_bundled":"https:\/\/downloads.wordpress.org\/release\/wordpress-4.7.1-new-bundled.zip","partial":false,"rollback":false},"current":"4.7.1","version":"4.7.1","php_version":"5.2.4","mysql_version":"5.0","new_bundled":"4.7","partial_version":false},{"response": [...]

I also verified that without curl. telnet via HTTP/Port 80:

telnet api.wordpress.org 80
Trying 66.155.40.188...
Connected to api.wordpress.org.
Escape character is '^]'.
GET /core/version-check/1.7/ HTTP/1.1
HOST: api.wordpress.org

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 26 Jan 2017 08:12:36 GMT
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN

243
{"offers":[{"response":"upgrade","download":"http:\/\/downloads.wordpress.org\/release\/wordpress-4.7.1.zip","locale":"en_US","packages":{"full":"http:\/\/downloads.wordpress.org\/release\/wordpress-4.7.1.zip","no_content":"http:\/\/downloads.wordpress.org\/release\/wordpress-4.7.1-no-content.zip","new_bundled":"http:\/\/downloads.wordpress.org\/release\/wordpress-4.7.1-new-bundled.zip","partial":false,"rollback":false},"current":"4.7.1","version":"4.7.1","php_version":"5.2.4","mysql_version":"5.0","new_bundled":"4.7","partial_version":false}],"translations":[],"ttl":7200}

Also also using openssl s_client for HTTPS/Port 443 (result: timeout):

openssl s_client -connect api.wordpress.org:443
CONNECTED(00000003)

Is there some kind of filtering in front of api.wordpress.org which could drop any packages or do you have any other idea about that problem?