Configuring OpenSSL to connect to an old server

Subject: Configuring OpenSSL to connect to an old server
From: anton.txt (at) *nospam* gmail.moc (Anton Shepelev)
Newsgroups: comp.unix.bsd.freebsd.misc
Date: 26. Sep 2024, 16:29:30
Organization: To protect and to server
Message-ID: <vd3r49$3bfpp$1@paganini.bofh.team>
User-Agent: tin/2.6.3-20231224 ("Banff") (FreeBSD/14.1-RELEASE (amd64))

Hello, all

I am trying to connect to my work network via OpenConnect from
my FreeBSD 14.1 RELEASE.  The command that used to work on another
OS:
echo XXXXXXX | \
openconnect -vvvv --authgroup REM \
--servercert pin-sha256:XXXXXXXXXXXXXXX= \
-u anton --passwd-on-stdin X.X.X.X

now fails with:

00202139C9090000:
error:
0A000152:
SSL routines:
final_renegotiate:
unsafe legacy renegotiation disabled:
/usr/src/crypto/openssl/ssl/statem/extensions.c:894:

I found suggestions on StackOverflow to specify one of the
following lines in the config file:

Options = UnsafeLegacyRenegotiation
Options = UnsafeLegacyServerConnect

Neither helps, but both change the error to:

0020E1F579080000:
error:
0A00014D:SSL routines:
tls_process_key_exchange:
legacy sigalg disallowed or unsupported:
/usr/src/crypto/openssl/ssl/statem/statem_clnt.c:2255:

Also in connection with this problem, the option
SSL_OP_LEGACY_SERVER_CONNECT is mentioned. It is disabled by default
since OpenSSL 3.0, and I have 3.0.13.  But how can I set these
OpenSSL options?  There is a C API for it, ssl_set_options(3), but
I cannot find information on setting them in the configuration file
or the environment. Can you help?

In fact, I couldn't find either of the options mentioned on SO:

>man -wK UnsafeLegacy

yields nothing.  Furthermore, the `openssl' man page references
config(5), but on this FreeBSD it is not about OpenSSL, but about
the Kernel configuration file format.  Is it an error in the doc.
distribution, or am I using `man' wrong?
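
How the options named in the post can be scoped to a single command, as an added example that is not part of the original post: a config file carrying the `Options` line in an `ssl_conf` section, handed to one process through the `OPENSSL_CONF` environment variable. The function and section names are hypothetical, the `CipherString` line is an assumption about the second error, and the file replaces rather than extends the system openssl.cnf.

```shell
#!/bin/sh
# write_legacy_conf FILE: minimal OpenSSL config for one legacy server.
# Section names are arbitrary labels chosen for this example.
write_legacy_conf() {
    cat > "$1" <<'EOF'
# Must be in the default (unnamed) section, before any [section] header.
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
# libssl applies "system_default" to every SSL_CTX the process creates.
system_default = legacy_sect

[legacy_sect]
# Config-file spelling of SSL_OP_LEGACY_SERVER_CONNECT.
Options = UnsafeLegacyServerConnect
# Assumption: the sigalg error comes from the 3.0 default security level
# rejecting the SHA-1/MD5 signatures that TLS 1.0/1.1 servers use.
CipherString = DEFAULT:@SECLEVEL=0
EOF
}

# conf_is_wired FILE: succeed only if openssl_conf is assigned before the
# first section header; inside a named section it has no effect.
conf_is_wired() {
    awk '/^\[/ { exit }
         /^openssl_conf[ \t]*=/ { ok = 1; exit }
         END { exit !ok }' "$1"
}

# run_with_legacy_tls CMD [ARGS...]: run one command with the relaxed
# config and delete it afterwards; stdin and the exit status pass through.
# Every other process keeps the strict system defaults.
run_with_legacy_tls() {
    conf=$(mktemp "${TMPDIR:-/tmp}/openssl-legacy.XXXXXX") || return 1
    write_legacy_conf "$conf"
    rc=1
    if conf_is_wired "$conf"; then
        rc=0
        OPENSSL_CONF="$conf" "$@" || rc=$?
    fi
    rm -f "$conf"
    return "$rc"
}
```

The original pipeline stays as it is and only gains the prefix, e.g. `echo XXXXXXX | run_with_legacy_tls openconnect ...`, so the weakened settings never reach other TLS clients on the machine.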
