Comment 9 for bug 1964025

Attached is the newest version of the patch, which solves all failures mentioned above except for the EVP_PKEY_derive_set_peer diffie-hellman group 14 one:

1504 runs, 5067 assertions, 4 failures, 3 errors, 0 skips

Next steps are

* split the patch into smaller patches to ease upstream inclusion
* automatically load the custom ssl config with legacy providers if OpenSSL 3.0 is detected
* try to mock up the group 14 issue in a C PoC to get some OpenSSL upstream eyeballs on the problem