OTP-19 is really old!. Starting OTP-20 ssl application will by default do the hostname check (that is not really part of TLS protocol but that should be performed by ssl clients). So httpc has in later versions been extended to use hostname configureation options and os-cacerts.
Latest verison gives me:
httpc:request("https://graph.facebook.com:443").
{ok,{{"HTTP/1.1",400,"Bad Request"},
[{"cache-control","no-store"},
{"connection","keep-alive"},
{"date","Wed, 30 Aug 2023 07:13:54 GMT"},
{"pragma","no-cache"},
{"vary","Origin"},
{"www-authenticate",
"OAuth \"Facebook Platform\" \"invalid_request\" \"Unsupported get request. Please read the Graph API documentation at https://developers.facebook.com/docs/graph-api\""},
{"content-length","241"},
{"content-type","text/javascript; charset=UTF-8"},
{"expires","Sat, 01 Jan 2000 00:00:00 GMT"},
{"access-control-allow-origin","*"},
{"facebook-api-version","v11.0"},
{"strict-transport-security","max-age=15552000; preload"},
{"x-fb-request-id","AIafgQ29lZwjt_A2LVPcpHV"},
{"x-fb-trace-id","GhwC0WFmf66"},
{"x-fb-rev","1008343745"},
{"x-fb-debug",
"+8bxcRSerxdaPJQAXCWcrmTQosGjU4W2XpoiH7FEb6cTqaT3JBG4jB4hjag6FffF4C3DG2Hp5Yng3GLQrEeh0g=="},
{"alt-svc","h3=\":443\"; ma=86400"}],
"{\"error\":{\"message\":\"Unsupported get request. Please read the Graph API documentation at https:\\/\\/developers.facebook.com\\/docs\\/graph-api\",\"type\":\"GraphMethodException\",\"code\":100,\"error_subcode\":33,\"fbtrace_id\":\"AIafgQ29lZwjt_A2LVPcpHV\"}}"}}