It's definitely the infrastructure that's using old TLS. As for the unsafe renegotiation, that happens because the server does not send a renegotiation_info extension in its ServerHello message. See https://datatracker.ietf.org/doc/html/rfc5746. See specifically section 4.1, which discusses client behavior. OpenSSL 3 defaults to the secure client behavior, which requires the server to support RFC5746.
For the "0A0C0103:SSL routines::internal error", the issue is that these servers only offer TLS 1.1 or older, which uses MD5-SHA1 as the digest in its signature algorithm. Due to recent collision attacks on SHA1, this no longer meets OpenSSL's default level of security of 80 bits (see https://sha-mbles.github.io/, which reduced the chosen-prefix collision to 63.4 bits).