alt Hacker News[2012]
The situation has improved somewhat, although some of the underlying libraries have changed little so it's still easy to write insecure TLS.
cURL's API was improved in 7.66.0 for example: https://github.com/curl/curl/pull/4241
But the Java APIs are likely little changed.
And, the worst part is that because it is an "application" issue, it is possible that it is going to a "gift that keeps on giving" for a long time.
And the worst part is that most (indian) banks have been using only android/ios for "security" for some time now.