diff --git a/Jamfile b/Jamfile
index 726637487..ba51a7be5 100644
--- a/Jamfile
+++ b/Jamfile
@@ -538,8 +538,8 @@ lib libiconv : : <name>iconv <link>shared <search>/usr/local/lib ;
 # openssl on linux/bsd/macos etc.
 lib gcrypt : : <name>gcrypt <link>shared <search>/opt/local/lib ;
 lib z : : <link>shared <name>z <search>/usr/lib ;
-lib crypto : : <name>crypto <link>shared <search>/usr/lib <use>z ;
-lib ssl : : <name>ssl <link>shared <use>crypto <search>/opt/local/lib ;
+lib crypto : : <name>crypto <link>shared <search>/usr/lib <use>z : : <include>/opt/local/include ;
+lib ssl : : <name>ssl <link>shared <use>crypto <search>/opt/local/lib : : <include>/opt/local/include ;
 lib dl : : <link>shared <name>dl ;
 
 # time functions used on linux require librt
diff --git a/src/utp_stream.cpp b/src/utp_stream.cpp
index f85412ef3..bf6d791bd 100644
--- a/src/utp_stream.cpp
+++ b/src/utp_stream.cpp
@@ -3572,9 +3572,16 @@ void utp_socket_impl::tick(time_point now)
 		// TIMEOUT!
 		// set cwnd to 1 MSS
 
-		m_sm->inc_stats_counter(counters::utp_timeout);
-
-		if (m_outbuf.size()) ++m_num_timeouts;
+		// the close_reason here is a bit of a hack. When it's set, it indicates
+		// that the upper layer intends to close the socket. However, it has been
+		// observed that the SSL shutdown sometimes can hang in a state where
+		// there's no outstanding data, and it won't receive any more from the
+		// other end. This catches that case and let the socket time out.
+		if (m_outbuf.size() || m_close_reason != 0)
+		{
+			++m_num_timeouts;
+			m_sm->inc_stats_counter(counters::utp_timeout);
+		}
 
 		UTP_LOGV("%8p: timeout num-timeouts: %d max-resends: %d confirmed: %d "
 			" acked-seq-num: %d mtu-seq: %d\n"