I'm on Catalina. FPC 3.2.2 and Lazarus 2.2.0, both built from source. I don't use Brew. Here are the SSL libraries on my machine:
% ls -l /usr/lib/*ssl*
-rwxr-xr-x 1 root wheel 1489456 Sep 22 2020 /usr/lib/libboringssl.dylib*
-rwxr-xr-x 1 root wheel 212288 Sep 22 2020 /usr/lib/libssl.0.9.7.dylib*
-rwxr-xr-x 1 root wheel 335888 Sep 22 2020 /usr/lib/libssl.0.9.8.dylib*
-rwxr-xr-x 1 root wheel 330576 Feb 5 10:08 /usr/lib/libssl.35.dylib*
-rwxr-xr-x 1 root wheel 313984 Feb 5 10:08 /usr/lib/libssl.43.dylib*
-rwxr-xr-x 1 root wheel 300480 Feb 5 10:08 /usr/lib/libssl.44.dylib*
-rwxr-xr-x 1 root wheel 294016 Feb 5 10:08 /usr/lib/libssl.46.dylib*
-rwxr-xr-x 1 root wheel 32928 Feb 5 10:08 /usr/lib/libssl.dylib*
I modified line 118 of openssl.pas by adjusting the size of the array and adding '.46' as the 2nd item:
DLLVersions: array[1..20] of string = ('', '.46', ... the rest of the original stuff
Built and installed the changed version. Then your program works. I also tried setting DLLSSLName to 'libboringssl' just to try but no dice.
I also tested with my own server, which is configured to accept TLS 1.2 or higher with "strong" cipher suites. Without the above mod, same error. With the mod, program works.
So the issue should be Gitlab's and Github's correctly rejecting known-insecure SSL/TLS versions when using outdated OpenSSL libraries.
Maybe a long term solution is for FPC to have an API to specify the particular library files to load?