I'm trying to run the PHP cURL request example of an API from a Windows/IIS web server
Here is the code:
```php
<?php
// Placeholders: the original post defines these elsewhere.
$url      = 'https://api.domain.ext/path';
$body     = '{}';   // JSON request body
$username = 'user';
$password = 'pass';

$curl = curl_init();

// CURLOPT_SSLCERT is for a *client* certificate (with its private key), not a
// CA bundle. Pointing it at cacert.pem is what produces the
// "unable to set private key file ... type PEM" error shown below. A CA bundle
// belongs in CURLOPT_CAINFO (the same setting curl.cainfo controls in php.ini).
curl_setopt($curl, CURLOPT_SSLCERT, 'C:\...\cacert.pem');

// Capture curl's verbose trace in a memory stream instead of stderr.
curl_setopt($curl, CURLOPT_VERBOSE, true);
$streamVerboseHandle = fopen('php://temp', 'w+');
curl_setopt($curl, CURLOPT_STDERR, $streamVerboseHandle);

curl_setopt_array($curl, [
    CURLOPT_URL            => $url,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING       => "",
    CURLOPT_MAXREDIRS      => 10,
    CURLOPT_TIMEOUT        => 30,
    CURLOPT_HTTP_VERSION   => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST  => "POST",
    CURLOPT_POSTFIELDS     => $body,
    CURLOPT_HTTPHEADER     => [
        // HTTP Basic needs base64("user:pass"); the original sent the raw
        // "user:pass" (visible in the verbose log as "Basic ****:****").
        // CURLOPT_USERPWD => "$username:$password" does the same encoding.
        "Authorization: Basic " . base64_encode($username . ":" . $password),
        "Message-Reference: SOME_STRING_VALUE",
        "Message-Reference-Date: SOME_STRING_VALUE",
        // libcurl does not send a header given as "Name: " with nothing after
        // the colon, which is why these are absent from the verbose log.
        // To send a header with an empty value use the "Name;" form.
        "Plugin-Name: ",
        "Plugin-Version: ",
        "Shipping-System-Platform-Name: ",
        "Shipping-System-Platform-Version: ",
        "Webstore-Platform-Name: ",
        "Webstore-Platform-Version: ",
        "content-type: application/json",
    ],
]);

$response = curl_exec($curl);
$err      = curl_error($curl);
curl_close($curl);

if ($err) {
    echo "cURL Error #:" . $err . "<br>";
} else {
    echo $response;
}

rewind($streamVerboseHandle);
$verboseLog = stream_get_contents($streamVerboseHandle);
echo "cUrl verbose information:\n", "<pre>", htmlspecialchars($verboseLog), "</pre>\n";
?>
```
In my php.ini I have the line:
```ini
curl.cainfo="C:\...\cacert.pem"
```
But for some reason I had to add the CURLOPT_SSLCERT option because I was getting:
```
OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 10054
```
I downloaded the cacert.pem file from here as written in this note
But I get this:
```
cURL Error #:unable to set private key file: 'C:\...\cacert.pem' type PEM
cUrl verbose information:
* Trying xxx.xxx.xxx.xxx...
* TCP_NODELAY set
* Connected to api.domain.ext (xxx.xxx.xxx.xxx) port 443 (#0)
* ALPN, offering http/1.1
* unable to set private key file: 'C:\...\cacert.pem' type PEM
* Closing connection 0
```
Am I missing something? How can I solve this?
UPDATE
I moved the cacert.pem to the php directory and deleted the CURLOPT_SSLCERT option and now the connection closes later but I get OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 10054 again:
```
* Hostname api.domain.ext was found in DNS cache
* Trying xxx.xxx.xxx.xxx...
* TCP_NODELAY set
* Connected to api.domain.ext (xxx.xxx.xxx.xxx) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: C:\Program Files (x86)\iis express\PHP\v7.0\cacert.pem
*   CApath: none
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: C=**; ST=********; L=********; O=********; CN=********
*  start date: Apr 12 03:17:12 2024 GMT
*  expire date: Apr 12 03:16:12 2025 GMT
*  subjectAltName: host "api.domain.ext" matched cert's "api.domain.ext"
*  issuer: C=**; O=********; CN=********
*  SSL certificate verify ok.
> POST /path HTTP/1.1
Host: api.domain.ext
Accept: */*
Accept-Encoding: deflate, gzip
Authorization: Basic ********:********
Message-Reference: SOME_STRING_VALUE
Message-Reference-Date: SOME_STRING_VALUE
content-type: application/json
Content-Length: 1602
Expect: 100-continue

* OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 10054
* stopped the pause stream!
* Closing connection 0
```
Following this solution (API causes "Curl error: OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 10054"), I also tried from another server with nothing in the middle, to rule out firewall problems, but got the same result.
UPDATE 10/30/2024
From the server side they told me this:
Error seems to be related to cipher suite presented by end-user. Please make sure user is sending a supported cipher.

Cipher Suites:
- ECDHE-RSA-AES128-GCM-SHA256/TLS1.2, DTLS1.2
- ECDHE-RSA-AES128-CBC-SHA/TLS1.0, TLS1.1, DTLS1.0, TLS1.2, DTLS1.2
- ECDHE-RSA-AES128-SHA256/TLS1.2, DTLS1.2
- ECDHE-RSA-AES256-GCM-SHA384/TLS1.2, DTLS1.2
- ECDHE-RSA-AES256-CBC-SHA/TLS1.0, TLS1.1, DTLS1.0, TLS1.2, DTLS1.2
- ECDHE-RSA-AES256-SHA384/TLS1.2, DTLS1.2
- AES128-GCM-SHA256/TLS1.2, DTLS1.2
- AES128-SHA/TLS1.0, TLS1.1, TLS1.2, DTLS1.2, DTLS1.0
- AES128-SHA256/TLS1.2, DTLS1.2
- AES256-GCM-SHA384/TLS1.2, DTLS1.2
- AES256-SHA/TLS1.0, TLS1.1, TLS1.2, DTLS1.2, DTLS1.0
- AES256-SHA256/TLS1.2, DTLS1.2
- CAMELLIA128-SHA/TLS1.0, TLS1.1, TLS1.2, DTLS1.2
- CAMELLIA256-SHA/TLS1.0, TLS1.1, TLS1.2, DTLS1.2
- ECDHE-ECDSA-AES128-GCM-SHA256/TLS1.2, DTLS1.2
- ECDHE-ECDSA-AES128-CCM/TLS1.2, DTLS1.2
- ECDHE-ECDSA-AES128-CCM8/TLS1.2, DTLS1.2
- ECDHE-ECDSA-AES128-SHA/TLS1.0, TLS1.1, TLS1.2, DTLS1.2
- ECDHE-ECDSA-AES128-SHA256/TLS1.2, DTLS1.2
- ECDHE-ECDSA-AES256-GCM-SHA384/TLS1.2, DTLS1.2
- ECDHE-ECDSA-AES256-CCM/TLS1.2, DTLS1.2
- ECDHE-ECDSA-AES256-CCM8/TLS1.2, DTLS1.2
- ECDHE-ECDSA-AES256-SHA/TLS1.0, TLS1.1, TLS1.2, DTLS1.2
- ECDHE-ECDSA-AES256-SHA384/TLS1.2, DTLS1.2
- TLS13-AES128-GCM-SHA256/TLS1.3
- TLS13-AES256-GCM-SHA384/TLS1.3

DH Groups:
- P256
- X25519
- P384
- FFDHE2048
- FFDHE3072
- FFDHE4096

Signature Algorithms:
- RSA-PKCS1-SHA256
- RSA-PSS-SHA256
- ECDSA-SHA256
- RSA-PKCS1-SHA384
- RSA-PSS-SHA384
- ECDSA-SHA384
- RSA-PKCS1-SHA512
- RSA-PSS-SHA512
- ECDSA-SHA512
Does this mean that my certificate is not supported?
What certificate can I use?
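The verbose log and the operator's cipher list can be checked against each other mechanically rather than by eye. The script below is an added example for this thread, not code from the original post: it transcribes the log of the second attempt and an abridged copy of the operator's list (both taken from the text above), and its function names (parse_server_ciphers, parse_curl_log, diagnose) are its own. It reports the stage at which the connection died and whether the protocol and cipher curl agreed on are ones the operator lists.

```python
"""Triage a PHP/libcurl verbose log against a server-supplied cipher list.

Added example for the thread above, not code from the original post.
The log and the cipher list are transcribed from the post (cipher list
abridged); the function names are this example's own.
"""
import re

# Verbose output of the second attempt, one entry per line. libcurl prefixes
# the outgoing header block with a single "> ", so only the POST line has it.
CURL_LOG = """\
* Hostname api.domain.ext was found in DNS cache
* Trying xxx.xxx.xxx.xxx...
* Connected to api.domain.ext (xxx.xxx.xxx.xxx) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: C:\\Program Files (x86)\\iis express\\PHP\\v7.0\\cacert.pem
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* SSL certificate verify ok.
> POST /path HTTP/1.1
Host: api.domain.ext
content-type: application/json
Content-Length: 1602
Expect: 100-continue
* OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 10054
* stopped the pause stream!
* Closing connection 0
"""

# Cipher list as the API operator wrote it (abridged). These are the
# operator's names, not always OpenSSL's: OpenSSL calls
# ECDHE-RSA-AES128-CBC-SHA "ECDHE-RSA-AES128-SHA" and TLS13-AES128-GCM-SHA256
# "TLS_AES_128_GCM_SHA256", so compare names with that in mind.
SERVER_CIPHER_TEXT = """\
ECDHE-RSA-AES128-GCM-SHA256/TLS1.2, DTLS1.2
ECDHE-RSA-AES128-CBC-SHA/TLS1.0, TLS1.1, DTLS1.0, TLS1.2, DTLS1.2
ECDHE-RSA-AES256-GCM-SHA384/TLS1.2, DTLS1.2
AES128-SHA/TLS1.0, TLS1.1, TLS1.2, DTLS1.2, DTLS1.0
TLS13-AES128-GCM-SHA256/TLS1.3
TLS13-AES256-GCM-SHA384/TLS1.3
"""


def parse_server_ciphers(text):
    """Map each 'NAME/PROTO, PROTO' line to {name: {protocols}}."""
    table = {}
    for line in text.splitlines():
        if "/" not in line:
            continue
        name, protos = line.split("/", 1)
        table[name.strip()] = {p.strip() for p in protos.split(",") if p.strip()}
    return table


def parse_curl_log(log):
    """Pull the handshake and request facts out of a verbose log."""
    info = {"connected": False, "protocol": None, "cipher": None,
            "cert_verified": False, "request_headers": [], "error": None}
    in_request = False
    for line in log.splitlines():
        if line.startswith("> "):          # start of the outgoing header block
            in_request = True
            info["request_headers"].append(line[2:])
            continue
        if line.startswith("*") or line.startswith("<"):
            in_request = False
        elif in_request:                   # continuation of the header block
            info["request_headers"].append(line)
            continue
        if line.startswith("* Connected to"):
            info["connected"] = True
        m = re.match(r"\* SSL connection using (\S+) / (\S+)", line)
        if m:
            info["protocol"], info["cipher"] = m.group(1), m.group(2)
        if line.startswith("* SSL certificate verify ok"):
            info["cert_verified"] = True
        if "SSL_ERROR" in line or "errno" in line:
            info["error"] = line[2:]
    return info


def diagnose(log, cipher_text):
    """Report where the connection died and whether the agreed cipher and
    protocol appear in the operator's list."""
    info = parse_curl_log(log)
    table = parse_server_ciphers(cipher_text)
    # curl prints "TLSv1.2"; the operator's list spells it "TLS1.2".
    proto = info["protocol"].replace("TLSv", "TLS") if info["protocol"] else None
    info["cipher_listed_by_server"] = bool(
        info["cipher"] in table and proto in table[info["cipher"]])
    info["expect_100_continue"] = any(
        h.lower().startswith("expect: 100-continue") for h in info["request_headers"])
    if not info["connected"]:
        info["stage"] = "tcp connect"
    elif info["cipher"] is None:
        info["stage"] = "tls handshake (no cipher agreed)"
    elif not info["cert_verified"]:
        info["stage"] = "certificate verification"
    elif info["request_headers"] and info["error"]:
        info["stage"] = "after the request was sent"
    else:
        info["stage"] = "completed"
    return info


if __name__ == "__main__":
    for key, value in diagnose(CURL_LOG, SERVER_CIPHER_TEXT).items():
        print(f"{key}: {value}")
```

Run on the log above it reports TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 as listed by the operator, the server certificate as verified, and the errno 10054 reset as arriving after the request headers (including Expect: 100-continue) had gone out. Where the operator's names differ from OpenSSL's, compare by hand.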