.NET 9 - OpenSSL 3 Providers - does "default" provider get loaded/made available in all cases? #111250
Unanswered
GuyWithDogs asked this question in Q&A
Replies: 1 comment
-
OpenSSL version is 3.0.2 on Ubuntu 22.04.
-
Got an oddball scenario trying to create a server program on Ubuntu 22.04 that will talk to an IoT device that needs to connect via SSL/TLS. We're using OpenSSL 3, .NET 9 (since it has the new Providers support), and the TPM2 on our board (so we're also using tpm2_openssl to give us a TPM2 OpenSSL 3 provider). We've created a self-signed certificate for our "server" app using the private key in the TPM2.
Running a command
openssl s_server -provider tpm2 -provider default -propquery "?provider=tpm2" -accept <portnum>
plus more arguments, this works. Our device connects and sends data.
Creating a .NET 9 console app that "loads" our certificate with a call to
OpenKeyFromProvider("tpm2", ourHandle)
seems to give us a certificate. But when we use that as part of an AuthenticateAsServer()
call, we get OpenSSL errors, mainly a "decryption failed" error.
What I'm wondering is whether that "default" provider for OpenSSL 3 is loaded into the SSL context when running like this, or if there is some sort of extra initialization I should employ to try and get that provider available? Based on my readings, and some experiments with the openssl s_server command line, if that "default" provider is unavailable, the connection fails, even on the command line. And some digging into the runtime shows that a "legacy" provider looks like it gets added to the context. But I can't see if that default provider is added.
Thanks.
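Editor's note, added here and not part of the thread above: OpenSSL 3 loads the "default" provider automatically only as a fallback, and only while no provider has been loaded explicitly into the library context. Both OSSL_PROVIDER_load() and an `activate = 1` entry in the configuration file switch that fallback off, which is why `openssl s_server -provider tpm2` on its own fails while `-provider tpm2 -provider default` works. A process that cannot pass `-provider` flags, such as a .NET application, can get the same provider set and the same property query from the OpenSSL configuration file, which OpenSSL reads during its own initialization. The fragment below is a constructed example; it assumes the file is selected with `OPENSSL_CONF` before the .NET process starts, and the tpm2 module path shown is a typical Ubuntu 22.04 location, not something the post states.

```ini
# Constructed example: save as e.g. /etc/ssl/openssl-tpm2.cnf and start the
# .NET server with OPENSSL_CONF=/etc/ssl/openssl-tpm2.cnf in its environment.
openssl_conf = openssl_init

[openssl_init]
providers = provider_sect
alg_section = evp_properties

[provider_sect]
default = default_sect
tpm2 = tpm2_sect

# Activating any provider in this file disables the automatic fallback load
# of "default", so "default" has to be activated explicitly as well.
[default_sect]
activate = 1

[tpm2_sect]
# Only needed if tpm2.so is outside OpenSSL's MODULESDIR
# (assumed path for Ubuntu 22.04 x86_64; check the real one with: openssl version -m)
# module = /usr/lib/x86_64-linux-gnu/ossl-modules/tpm2.so
activate = 1

# Same effect as -propquery "?provider=tpm2" on the s_server command line:
# prefer a tpm2 implementation when one exists, otherwise use default.
[evp_properties]
default_properties = ?provider=tpm2
```

Before starting the .NET process, run `openssl list -providers` with the same `OPENSSL_CONF` set; both `default` and `tpm2` should be reported as active. The "legacy" provider the runtime adds does not substitute for "default": legacy only carries deprecated algorithms, while the modern ciphers, hashes and key derivation that a TLS handshake needs live in "default".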