
[Question] SSLHandshakeException when connecting to omdbapi

Hello,

I am getting the following error when calling https://www.omdbapi.com/?t=Blade+Runner&apikey=11111111 from my application:

java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
...
Caused by: javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
...
Caused by: java.net.SocketException: Connection reset

I am using the same configuration as the course (Java 17), except for the Spring version, which is now 3.3.1. The SSL communication debug output does not help much; however, it looks like my Java insists on using TLSv1.2, even though I am forcing it to use TLSv1.3. Here is the SSL log:

javax.net.ssl|DEBUG|10|main|2024-07-09 11:26:09.534 BRT|SSLCipher.java:466|jdk.tls.keyLimits:  entry = AES/GCM/NoPadding KeyUpdate 2^37. AES/GCM/NOPADDING:KEYUPDATE = 137438953472
javax.net.ssl|DEBUG|10|main|2024-07-09 11:26:09.544 BRT|SSLCipher.java:466|jdk.tls.keyLimits:  entry =  ChaCha20-Poly1305 KeyUpdate 2^37. CHACHA20-POLY1305:KEYUPDATE = 137438953472
javax.net.ssl|DEBUG|31|HttpClient-1-Worker-0|2024-07-09 11:26:09.774 BRT|SSLExtensions.java:272|Ignore, context unavailable extension: cookie
javax.net.ssl|DEBUG|31|HttpClient-1-Worker-0|2024-07-09 11:26:09.790 BRT|PreSharedKeyExtension.java:661|No session to resume.
javax.net.ssl|DEBUG|31|HttpClient-1-Worker-0|2024-07-09 11:26:09.790 BRT|SSLExtensions.java:272|Ignore, context unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|31|HttpClient-1-Worker-0|2024-07-09 11:26:09.798 BRT|ClientHello.java:641|Produced ClientHello handshake message (
"ClientHello": {
  "client version"      : "TLSv1.2",
  "random"              : "D80436AF64FA8AD264E8506F4BF5A20063B7CAB0AF61313ACB711AEF62419A58",
  "session id"          : "BD18712E08BBF41B7363BE68FAF2290A65FC79B08EBB61AE7D246BB46B58090A",
  "cipher suites"       : "[TLS_AES_256_GCM_SHA384(0x1302), TLS_AES_128_GCM_SHA256(0x1301), TLS_CHACHA20_POLY1305_SHA256(0x1303)]",
  "compression methods" : "00",
  "extensions"          : [
    "server_name (0)": {
      type=host_name (0), value=www.omdbapi.com
    },
    "status_request (5)": {
      "certificate status type": ocsp
      "OCSP status request": {
        "responder_id": <empty>
        "request extensions": {
          <empty>
        }
      }
    },
    "supported_groups (10)": {
      "versions": [x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192]
    },
    "application_layer_protocol_negotiation (16)": {
      [h2, http/1.1]
    },
    "signature_algorithms (13)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
    },
    "supported_versions (43)": {
      "versions": [TLSv1.3]
    },
    "psk_key_exchange_modes (45)": {
      "ke_modes": [psk_dhe_ke]
    },
    "signature_algorithms_cert (50)": {
      "signature schemes": [ecdsa_secp256r1_sha256, ecdsa_secp384r1_sha384, ecdsa_secp521r1_sha512, ed25519, ed448, rsa_pss_rsae_sha256, rsa_pss_rsae_sha384, rsa_pss_rsae_sha512, rsa_pss_pss_sha256, rsa_pss_pss_sha384, rsa_pss_pss_sha512, rsa_pkcs1_sha256, rsa_pkcs1_sha384, rsa_pkcs1_sha512, ecdsa_sha1, rsa_pkcs1_sha1]
    },
    "key_share (51)": {
      "client_shares": [  
        {
          "named group": x25519
          "key_exchange": {
            0000: 87 89 87 53 1C CC 9B A8   2C 22 B2 F4 11 9D D9 B1  ...S....,"......
            0010: 0B 6E 45 87 A1 04 DF 18   4D 18 3D 9E CF DD 6C 2E  .nE.....M.=...l.
          }
        },
        {
          "named group": secp256r1
          "key_exchange": {
            0000: 04 22 4D 97 F4 11 61 B2   56 7E 9A AA CB 3C 90 FB  ."M...a.V....<..
            0010: 15 3A 7E 8A 3E 21 37 15   84 28 5D 47 B0 F9 25 03  .:..>!7..(]G..%.
            0020: B9 08 24 01 1C FB 33 EE   9B 53 6F 1C D2 CB 62 B2  ..$...3..So...b.
            0030: 37 31 77 5E 56 7F 2E 5B   E2 DC 37 09 67 9E A0 0A  71w^V..[..7.g...
            0040: E9 
          }
        },
      ]
    }
  ]
}
)
2024-07-09T11:26:09.853-03:00  INFO 15224 --- [screenmatch] [           main] .s.b.a.l.ConditionEvaluationReportLogger : 

Error starting ApplicationContext. To display the condition evaluation report re-run your application with 'debug' enabled.
javax.net.ssl|DEBUG|30|Finalizer|2024-07-09 11:26:09.866 BRT|SSLSocketImpl.java:577|duplex close of SSLSocket
javax.net.ssl|DEBUG|30|Finalizer|2024-07-09 11:26:09.867 BRT|SSLSocketImpl.java:1781|close the SSL connection (passive)

I have already run it with every possible variation of -Djdk.tls.client.protocols and -Dhttps.protocols, but without success. Any suggestions?

2 replies

I managed to solve it: it had nothing to do with the TLS protocol, but with my company's proxy. After configuring the HttpClient accordingly, it started working.
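
The fix described in the reply above, as an added example that is not part of the original thread: a `java.net.http.HttpClient` routed through a corporate proxy, which then reports the TLS version actually negotiated. The proxy host and port and the `OMDB_API_KEY` environment variable are placeholders assumed for illustration.

```java
import java.net.InetSocketAddress;
import java.net.ProxySelector;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.time.Duration;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;

public class OmdbViaProxy {

    // Hypothetical placeholders: replace with your organisation's proxy.
    static final String PROXY_HOST = "proxy.example.internal";
    static final int PROXY_PORT = 8080;

    static HttpClient buildClient(String proxyHost, int proxyPort) {
        // Offer TLS 1.3 and 1.2 only; certificate validation stays at the JDK defaults.
        SSLParameters tls = new SSLParameters();
        tls.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});

        return HttpClient.newBuilder()
                // HTTPS requests are tunnelled through the proxy with HTTP CONNECT.
                .proxy(ProxySelector.of(new InetSocketAddress(proxyHost, proxyPort)))
                .sslParameters(tls)
                .connectTimeout(Duration.ofSeconds(10))
                .build();
    }

    public static void main(String[] args) throws Exception {
        String apiKey = System.getenv("OMDB_API_KEY"); // assumed variable; keeps the key out of source
        if (apiKey == null || apiKey.isBlank()) {
            throw new IllegalStateException("OMDB_API_KEY is not set");
        }
        HttpRequest request = HttpRequest.newBuilder(
                        URI.create("https://www.omdbapi.com/?t=Blade+Runner&apikey=" + apiKey))
                .timeout(Duration.ofSeconds(15))
                .GET()
                .build();

        HttpResponse<String> response = buildClient(PROXY_HOST, PROXY_PORT)
                .send(request, HttpResponse.BodyHandlers.ofString());

        // A TLS 1.3 ClientHello always carries the legacy version value for TLS 1.2;
        // the versions really offered are listed in supported_versions. The session
        // below shows what was negotiated end to end.
        String negotiated = response.sslSession().map(SSLSession::getProtocol).orElse("none");
        System.out.println("HTTP " + response.statusCode() + " over " + negotiated);
    }
}
```

If the proxy also inspects TLS, the failure is a certificate-path error rather than a reset; in that case add the corporate root CA to a truststore instead of disabling certificate validation.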

Good evening, Fabio! How are you?

I'm glad to hear that you managed to solve the error; this kind of feedback is very important.

Count on the Forum's support in your journey.

Best regards and happy studying!