Unable to connect to https://api.kucoin.com due to javax.net.ssl.SSLException: error:0A000410:SSL routines::sslv3 alert handshake failure

[essessen1]

Hi folks. I am not sure if this is the right place to raise this but I thought I would create an issue none the less. Please feel free to move it to the appropriate place or close it out if this is not an issue.
I was attempting to use the HttpClient provided by one nio but I was unable to get it to connect to https://api.kucoin.com. The client works with other servers that I have tried with but for this one server, it fails. I tried with both one-nio-1.5.0.jar and the latest one-nio-1.6.1.jar. For 1.5.0, I used openssl1.1 and for 1.6.1, I used openssl3.0. I cloned the repo and built it myself and ensured that the libonenio.so object exists in the jar and then compiled it with my client code shown below.

import one.nio.http.HttpClient;
import one.nio.http.HttpException;
import one.nio.net.ConnectionString;
import one.nio.pool.PoolException;

import java.io.IOException;

public class MyHttpClient {

    public HttpClient client;

    public MyHttpClient(String hostPort) {
        this.client = new HttpClient(new ConnectionString(hostPort));
    }

    public void syncGet(String path) {
        try {
            System.out.println(this.client.get(path));
        } catch (InterruptedException | PoolException | IOException | HttpException e) {
            throw new RuntimeException(e);
        }
    }
}

However, I always ran into the following error when attempting to connect to the server:

Testing Kucoin connection
Exception in thread "main" java.lang.RuntimeException: one.nio.pool.PoolException: SocketPool[api.kucoin.com:443] createObject failed: javax.net.ssl.SSLException: error:0A000410:SSL routines::sslv3 alert handshake failure
	at util.http.MyHttpClient.syncGet(MyHttpClient.java:24)

From the error message, it looks like the issue might be with sslv3. It's possible that the server here doesn't support sslv3 but my question is why is one.nio/openssl using SSLV3 to connect to the server? I would have thought that it would use TLSv1.2. I tried to forcefully disable sslv3 in but was still unsuccessful. I modified ssl.c as shown below.
https://wiki.openssl.org/index.php/List_of_SSL_OP_Flags

src/one/nio/net/native/ssl.c

JNIEXPORT jlong JNICALL
Java_one_nio_net_NativeSslContext_ctxNew(JNIEnv* env, jclass cls) {
    AppData* appData = create_app_data();
    if (appData == NULL) {
        throw_by_name(env, "javax/net/ssl/SSLException", "Cannot allocate SSL app data");
        return 0;
    }

    SSL_CTX* ctx = SSL_CTX_new(TLS_method());
    if (ctx == NULL) {
        free_app_data(appData);
        throw_ssl_exception(env);
        return 0;
    }

    SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY | SSL_MODE_ENABLE_PARTIAL_WRITE | SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
    fprintf(stderr, "\nSetting options to disable compression and ssl v3\n");
    unsigned long currOptions = SSL_CTX_get_options(ctx);
    fprintf(stderr, "\nCurrent options(pre set): %d\n", currOptions);
    SSL_CTX_clear_options(ctx, currOptions); // Disable TLSv1.3 compat mode.

    currOptions = SSL_CTX_get_options(ctx);
    fprintf(stderr, "\nCurrent options(post clear): %d\n", currOptions);
    currOptions |= SSL_OP_BIT(17); // Disable compression.
    currOptions |= SSL_OP_BIT(25); // Disable SSL V3.
    currOptions |= SSL_OP_BIT(29); // Disable TLSv1.3
    SSL_CTX_set_options(ctx, currOptions);
    fprintf(stderr, "\nCurrent options(post set): %d\n", SSL_CTX_get_options(ctx));
    fprintf(stderr, "\nSuccessfully set options to disable compression and ssl v3\n");


    // Disable read-ahead until premature socket close is fixed
    // SSL_CTX_set_read_ahead(ctx, 1);
    SSL_CTX_set_info_callback(ctx, ssl_info_callback);
    SSL_CTX_set_app_data(ctx, appData);

    setup_dh_params(ctx);
    setup_ecdh_params(ctx);

    return (jlong)(intptr_t)ctx;
}

The output looks as follows:

Testing Kucoin connection

Setting options to disable compression and ssl v3

Current options(pre set): 1179648

Current options(post clear): 0

Current options(post set): 570556416

Successfully set options to disable compression and ssl v3
Exception in thread "main" java.lang.RuntimeException: one.nio.pool.PoolException: SocketPool[api.kucoin.com:443] createObject failed: javax.net.ssl.SSLException: error:0A000410:SSL routines::sslv3 alert handshake failure
	at util.http.MyHttpClient.syncGet(MyHttpClient.java:24)

570556416 === 0b100010000000100000000000000000 (17th, 25th and 29th bit are set)

[ubuntu@ip-10-20-82-90 ~]$ openssl s_client -connect api.kucoin.com:443 -tls1_2
CONNECTED(00000003)
depth=1 C = US, O = "Cloudflare, Inc.", CN = Cloudflare Inc ECC CA-3
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C = US, ST = California, L = San Francisco, O = "Cloudflare, Inc.", CN = kucoin.com
verify return:1

....

No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: ECDSA
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 2746 bytes and written 296 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.2, Cipher is ECDHE-ECDSA-CHACHA20-POLY1305
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-ECDSA-CHACHA20-POLY1305

I would be really grateful if someone can help me out with this. Please do let me know if this is a known issue which has workarounds. I went through the issues posted previously but was unable to find any that matched this.