Comment 12 for bug 1872541

Mariadb client is built with gnutls, I believe.

I was able to reproduce this now. If you install an older mysql server from before 5.6 also used openssl (5.6.44 in my case), then enable ssl on the server, you get the error reported when trying to connect to it from Ubuntu 20.04 8.0 client. The user you try to connect to doesn't need to have any special settings on it.

Upgrading to 5.6.47 fixed the issue for me, so I'm guessing this is because 5.6.44 was built with yassl, which is old and unsupported (again, I don't know exactly what Amazon does, so needs verifying).
The cause might be that yassl only supports TSL 1.1, while Ubuntu with the update to OpenSSL 1.1.1f has started enforcing 1.2 as the minimum version (if I'm reading the changelog correctly).

I don't think this is a bug. Only fix would be setting ssl-mode to DISABLED in the client config or getting the server updated (which as you said is outside your control) to one that isn't built with yaSSL.