Description
Describe the bug
It seems that upgrading from Erlang/OTP 27.0.1 to any later version breaks certificate validation in the websocket listener. Exactly the same setup (same code and same certificates) works in 27.0.1, but when updating we get this:
8084C6C3C67D0000:error:0A000413:SSL routines:ssl3_read_bytes:ssl/tls alert unsupported certificate:ssl/record/rec_layer_s3.c:911:SSL alert number 43
To Reproduce
This is just an example, but whichever way we try to connect to the websocket listener, we get rejected with the same error.
websocat -v -t --ws-c-uri=wss://green-ws.dev.com:8088/some_id/1586/other_id/1 - ws-c:cmd:'openssl s_client -tls1_3 -connect green-ws.dev.com:8088 -cert tls.crt -key tls.key --quiet'
Expected behavior
We are able to connect and the listener creates a handler.
Affected versions
Every version of Erlang/OTP after 27.0.1 seems to be affected by this issue.
Additional context
This is our Elixir code for the websocket listener:
  @impl Supervisor
  def init(_args) do
    children = [
      Plug.Cowboy.child_spec(
        ref: Websocket,
        scheme: :https,
        plug: Plug.Logger,
        options:
          [
            dispatch: dispatch(),
            port: 49_667,
            verify: :verify_peer,
            versions: [:"tlsv1.3"],
            cacertfile: "/cert/these-certs/ca.crt",
            certfile: "/cert/these-certs/tls.crt",
            keyfile: "/cert/these-certs/tls.key"
          ]
      )
    ]
    opts = [strategy: :one_for_all]
    Supervisor.init(children, opts)
  end
  defp dispatch do
    [
      {:_,
       [
         {"/some_id/:some_id/other_id/:other_id/", Websocket, []},
         {"/[...]", Websocket, []}
       ]}
    ]
  end
We are using Elixir, but the issue seems to be in Erlang/OTP, since just changing the version can make it work or break it.
We cannot stay on version 27.0.1 since there is a critical CVE in that version: CVE-2025-32433