wget does not work on busybox (docker container): TLS handshake failure

Question

Foreword: I'm new to busybox.

Issue: wget fails to download files, such as https://www.netfilter.org/projects/iptables/files/iptables-1.8.9.tar.xz, while other transfers work fine (e.g. wget https://github.com/docker-library/busybox/archive/master.zip).

rofz@iMac: ~ % docker run -it busybox  
/ # wget --version
wget: unrecognized option '--version'
BusyBox v1.36.1 (2023-07-17 18:29:09 UTC) multi-call binary.

Usage: wget [-cqS] [--spider] [-O FILE] [-o LOGFILE] [--header STR]
    [--post-data STR | --post-file FILE] [-Y on/off]
    [--no-check-certificate] [-P DIR] [-U AGENT] [-T SEC] URL...

Retrieve files via HTTP or FTP

    --spider    Only check URL existence: $? is 0 if exists
    --header STR    Add STR (of form 'header: value') to headers
    --post-data STR Send STR using POST method
    --post-file FILE    Send FILE using POST method
    --no-check-certificate  Don't validate the server's certificate
    -c      Continue retrieval of aborted transfer
    -q      Quiet
    -P DIR      Save to DIR (default .)
    -S          Show server response
    -T SEC      Network read timeout is SEC seconds
    -O FILE     Save to FILE ('-' for stdout)
    -o LOGFILE  Log messages to FILE
    -U STR      Use STR for User-Agent header
    -Y on/off   Use proxy
/ # wget https://github.com/docker-library/busybox/archive/master.zip
Connecting to github.com (192.30.255.113:443)
wget: note: TLS certificate validation not implemented
Connecting to codeload.github.com (140.82.112.10:443)
saving to 'master.zip'
master.zip           100% |*****************************************************************************************************| 34890  0:00:00 ETA
'master.zip' saved
/ # wget https://www.netfilter.org/projects/iptables/files/iptables-1.8.9.tar.xz
Connecting to www.netfilter.org (92.243.18.11:443)
wget: note: TLS certificate validation not implemented
wget: TLS error from peer (alert code 40): handshake failure
wget: error getting response: Connection reset by peer
/ # 

Any ideas?

Note: I understand and I don't really care about TLS certificate validation (saw the issues raised in docker-library/busybox repo). The target issue here is the handshake failure for a specific URL/website.