openssl: Handshake fails with 3.0.2 & 1.1.1n, but succeeds with 1.1.1
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)
I’m unable to establish an SSL connection using OpenSSL 3.0.2 on Ubuntu 22.04, but I have no issues, with the same command, using OpenSSL 1.1.1 on Ubuntu 18.04. I’ll start with the curl command output, in case it’s helpful:
curl -v -f -u <username>:<password> https://<my-host>/path/file > file
* Connected to <my-host> (<ip-addr>) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.2 (IN), TLS header, Unknown (21):
{ [5 bytes data]
* TLSv1.3 (IN), TLS alert, internal error (592):
{ [2 bytes data]
* error:0A000438:SSL routines::tlsv1 alert internal error
* Closing connection 0
curl: (35) error:0A000438:SSL routines::tlsv1 alert internal error
Using openssl s_client -msg -security_debug_verbose -connect <my-host>:443
The main error is:
805B5017597F0000:error:0A000438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:../ssl/record/rec_layer_s3.c:1584:SSL alert number 80
The full stdout and stderr are in this gist
Happy to provide whatever other info I can, I’ve been googling & researching for hours, and I’ve tried dozens of arguments to s_client and curl to no avail. I wouldn’t be surprised if the server (not mine) is misconfigured; however, since it works w/o problems on OpenSSL 1.1.1, it seems like I should be able to get it to work with 3.0.2.
Thanks!
About this issue
- State: closed
- Created 2 years ago
- Comments: 16 (7 by maintainers)
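An added example, not part of the original issue or of OpenSSL or curl: a small decoder showing how the numbers in the trace above fit together. Content type 21 in the 5-byte header is an alert record (22 is a handshake record), and curl's `(592)` is the two alert bytes combined as `(level << 8) | description`, i.e. fatal (2) plus the description 80 that s_client reports. The sample record bytes are constructed from the values in the trace, and the function names are hypothetical.

```python
import struct

# Record-layer content types (RFC 8446, section 5.1)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Subset of alert descriptions (RFC 8446, section 6)
ALERT_DESCRIPTIONS = {0: "close_notify", 40: "handshake_failure",
                      70: "protocol_version", 80: "internal_error",
                      112: "unrecognized_name", 120: "no_application_protocol"}


def parse_record(data):
    """Split one plaintext TLS record into (content_type, version, payload)."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, version, length = struct.unpack("!BHH", data[:5])
    payload = data[5:5 + length]
    if len(payload) != length:
        raise ValueError("truncated record payload")
    return ctype, version, payload


def decode_alert(payload):
    """Decode the 2-byte body of a plaintext alert record."""
    if len(payload) != 2:
        raise ValueError("a plaintext alert is exactly 2 bytes")
    level, desc = payload
    return {"level": ALERT_LEVELS.get(level, "unknown"),
            "description": ALERT_DESCRIPTIONS.get(desc, "unknown"),
            "number": desc,                    # what s_client prints
            "combined": (level << 8) | desc}   # what curl -v prints


def split_combined(code):
    """Turn curl's combined alert number back into (level, description)."""
    return code >> 8, code & 0xFF


if __name__ == "__main__":
    # Constructed sample: alert record, version 0x0303, length 2, fatal/80
    sample = bytes.fromhex("15030300020250")
    ctype, version, payload = parse_record(sample)
    print(CONTENT_TYPES.get(ctype), hex(version), decode_alert(payload))
    print(split_combined(592))
```

A fatal alert sent in response to the Client Hello means the server ended the handshake itself, so the reason for it has to be found on the server side or by changing what the client offers.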
This seems to be quite a different issue to the one initially described by the OP. Please create a new issue for that and supply the wireshark capture.