My mbedtls client has been working for 2 years. It did what I required and has been stable.
However, I now need to force a new server to use my preferred cipher suite.
I found the helper function to force the cipher suite here:
https://github.com/Mbed-TLS/mbedtls/blob/de4d5b78558666d2e258d95e6c5875f9c72687ed/tests/src/test_helpers/ssl_helpers.c#L1039
I added mbedtls_ssl_conf_preference_order(conf, MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT) to the end of the function to force the server to choose my ciphersuite.
(…)
However, mbedtls_ssl_handshake returns with value -26112, which I have looked up to be MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER.