Update to OpenSSL 3.0 for TLS 1.3 support #3977

@hrak

Chef server currently still relies on the rather ancient OpenSSL version 1.0.2 which is EOL, and lacks TLS 1.3 support and a bunch of new ciphers/algos.

There was an initiative in the past which was closed due to FIPS concerns #2348 but it's 4 years later now, and the situation is unchanged.

The chef-infra-client is already on OpenSSL 3.0 but unfortunately the server isn't, and is serving old protocols, weak ciphers and doesn't support HTTP/2.

Related issues:

#3679
#2349
