Checking for max TLS version at the place mentioned below does not handle CURL_SSLVERSION_MAX_DEFAULT properly.

https://github.com/curl/curl/blame/254e04b702e96b637b647241e4edea7ee4c24b70/lib/vtls/openssl.c#L4248

If the maximum TLS version is configured to be CURL_SSLVERSION_MAX_DEFAULT, the documentation says it will be treated like TLSv1.3 if supported. This is not the case, and the configured set of ciphers is not applied.

Issue showed up when updating libcurl from 8.10.1 to 8.16.0.