[release/6.0] make sure OpenSSL is initialized before Tls13Supported code runs

src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.OpenSsl.cs

@@ -59,7 +59,7 @@ internal static SafeSslHandle AllocateSslContext(SslProtocols protocols, SafeX50
                     throw CreateSslException(SR.net_allocate_ssl_context_failed);
                 }
 
-                if (!Interop.Ssl.Tls13Supported)
+                if (!Interop.Ssl.Capabilities.Tls13Supported)
                 {
                     if (protocols != SslProtocols.None &&
                         CipherSuitesPolicyPal.WantsTls13(protocols))

src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.Ssl.cs

@@ -141,9 +141,13 @@ internal static partial class Ssl
         }
 
         [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_Tls13Supported")]
-        [return: MarshalAs(UnmanagedType.Bool)]
-        private static extern bool Tls13SupportedImpl();
-        internal static readonly bool Tls13Supported = Tls13SupportedImpl();
+        private static extern int Tls13SupportedImpl();
+
+        internal static class Capabilities
+        {
+            // needs separate type (separate static cctor) to be sure OpenSSL is initialized.
+            internal static readonly bool Tls13Supported = Tls13SupportedImpl() != 0;
+        }
 
         internal static SafeSharedX509NameStackHandle SslGetClientCAList(SafeSslHandle ssl)
         {

src/libraries/System.Net.Security/src/System/Net/Security/CipherSuitesPolicyPal.Linux.cs

@@ -28,7 +28,7 @@ internal sealed class CipherSuitesPolicyPal
 
         internal CipherSuitesPolicyPal(IEnumerable<TlsCipherSuite> allowedCipherSuites)
         {
-            if (!Interop.Ssl.Tls13Supported)
+            if (!Interop.Ssl.Capabilities.Tls13Supported)
             {
                 throw new PlatformNotSupportedException(SR.net_ssl_ciphersuites_policy_not_supported);
             }