A support call came in and after a few days, I managed to notice that TLS v1.0 and v1.1 were not being provided by my web server,
nginx. The configuration was fine and explicitly enables TLSv1 and TLSv1.1. Nothing appeared in nginx's logs…
openssl s_client -tls1 -connect matrix.org:443 doesn't work (it fails with
no protocols available), whereas it does under Ubuntu 18.04.
Someone else at this question is no longer able to connect to their MySQL server that doesn't support TLS v1.2.
I tried modifying
/etc/ssl/openssl.cnf (which is symlinked to by
/usr/lib/ssl/openssl.cnf) to add
openssl_conf = default_conf [ default_conf ] ssl_conf = ssl_sect [ ssl_sect ] system_default = system_default_sect [ system_default_sect ] MinProtocol = TLSv1 DEFAULT@SECLEVEL = 1
This did not result in any difference when using the
openssl command shown before (I tried both 'TLSv1' and 'TLSv1.0' as the MinProtocol).