
Sign algs are reversed in the Certificate Request message in a TLS 1.3 handshake #10694

@maszlasz

Describe the bug
ssl always erroneously reverses the order of signature algorithms in the Certificate Request message in a TLS 1.3 handshake.
This causes the client to likely select the least preferred (from the server's perspective) algorithm that it supports.

To Reproduce
Establish a TLS 1.3 connection towards an ssl server configured with {verify, verify_peer} for mTLS, and observe the handshake packets.

Expected behavior
Order preserved as it was configured.

Affected versions
Present since OTP 24.

Additional context
Works fine for TLS 1.2.
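
One way to check the reported behaviour from a capture, as an added example that is not part of the original issue or of OTP: it reads the signature_algorithms extension out of a decrypted TLS 1.3 CertificateRequest (layout per RFC 8446) and compares the wire order with the configured order. The function names, the scheme subset and the sample message are constructed for illustration.

```python
import struct

# SignatureScheme code points from RFC 8446, section 4.2.3 (subset).
SCHEMES = {
    0x0403: "ecdsa_secp256r1_sha256",
    0x0503: "ecdsa_secp384r1_sha384",
    0x0804: "rsa_pss_rsae_sha256",
    0x0807: "ed25519",
}
CODES = {name: code for code, name in SCHEMES.items()}

def build_certificate_request(names):
    """Construct a sample CertificateRequest: empty context, one extension."""
    sig_list = b"".join(struct.pack("!H", CODES[n]) for n in names)
    ext_data = struct.pack("!H", len(sig_list)) + sig_list
    ext = struct.pack("!HH", 13, len(ext_data)) + ext_data  # 13 = signature_algorithms
    body = b"\x00" + struct.pack("!H", len(ext)) + ext
    return b"\x0d" + len(body).to_bytes(3, "big") + body    # 13 = certificate_request

def signature_algorithms(msg):
    """Return scheme names, in wire order, from a decrypted CertificateRequest."""
    if len(msg) < 4 or msg[0] != 13:
        raise ValueError("not a CertificateRequest handshake message")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length or length < 3:
        raise ValueError("truncated CertificateRequest")
    pos = 1 + body[0]                      # skip certificate_request_context
    (ext_total,) = struct.unpack_from("!H", body, pos)
    pos += 2
    end = pos + ext_total
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        pos += 4
        if ext_type == 13:
            (list_len,) = struct.unpack_from("!H", body, pos)
            codes = struct.unpack_from("!%dH" % (list_len // 2), body, pos + 2)
            return [SCHEMES.get(c, "0x%04x" % c) for c in codes]
        pos += ext_len                     # not the extension we want, skip it
    raise ValueError("signature_algorithms extension missing")

def classify(configured, observed):
    """Compare the observed wire order with the configured preference order."""
    if observed == configured:
        return "preserved"
    if observed == configured[::-1]:
        return "reversed"
    return "different"
```

In TLS 1.3 the CertificateRequest is sent encrypted, so `msg` has to be the handshake message after decryption (for example, exported from a capture decrypted with a key log).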

Labels: bug, team:PS
