If anybody needs a workaround, disable the CHACHA20 cipher suites which use Poly1305:
$ openssl s_client -debug -showcerts -connect graph.facebook.com:443 -ciphersuites TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256 -cipher 'ALL:!CHACHA20'
Unfortunately, it appears this can't be done system wide from /etc/ssl/openssl.conf - it needs to be done in a tool specific way for each tool using openssl (such as curl: https://curl.se/docs/ssl-ciphers.html).
If anybody needs a workaround, disable the CHACHA20 cipher suites which use Poly1305:
$ openssl s_client -debug -showcerts -connect graph.facebook. com:443 -ciphersuites TLS_AES_ 256_GCM_ SHA384: TLS_AES_ 128_GCM_ SHA256 -cipher 'ALL:!CHACHA20'
Unfortunately, it appears this can't be done system wide from /etc/ssl/ openssl. conf - it needs to be done in a tool specific way for each tool using openssl (such as curl: https:/ /curl.se/ docs/ssl- ciphers. html).