SSL and certificate issues when using almalinux with external telecom sites?

Hi everyone, I’m using almalinux on a server that connects to a few external telecom-related services, and I’ve started seeing ssl warnings and handshake failures in my logs.

For example, when pulling info about telenor call packages, some requests fail with certificate or tls version errors even though the same links open fine in a browser. It makes me think the system ca bundle, openssl version, or curl settings on almalinux might be involved.

Has anyone run into similar tls or certificate problems on almalinux when talking to third-party sites? I’d appreciate any tips on what to check or tweak.

In AlmaLinux 9.7, OpenSSL has been updated, and as a result of changes to the default TLS settings and the handling of cipher suites/groups, it is highly likely that TLS negotiation with the other site (especially older devices and middleboxes) will be difficult to establish. The conclusion is that while browsers pass through with a different stack or fallback, failures become apparent with curl/openssl.