I haven't been able to confirm, but is it true that net/http will NOT honor the options/values set in /etc/ssl/openssl.cnf? I have been trying to make some TLS changes to support a downstream legacy TLS connection, and it works using the openssl s_client but my rails app keeps throwing the OpenSSL errors.
If true, is there a workaround or way to get the config file honored by the ruby/rails app? I haven't been able to find one.
I've tried exposing ssl_options to net/http and then making changes that way and that works but I'd rather make the change in the openssl.cnf file and have it be honored by net/http instead.