-
Bug
-
Resolution: Can't Do
-
Undefined
-
rhel-8.6.0
-
None
-
None
-
Critical
-
rhel-sst-pt-python-ruby-nodejs
-
ssg_core_services
-
None
-
False
-
-
None
-
None
-
None
-
None
-
-
All
-
None
This was initially filed as https://issues.redhat.com/browse/OCPBUGS-20486, which contains the investigation. TL;DR from it:
Eventlet overrides gettimeout to use a private instance variable _timeout, but for some reason does not initialize it early enough. Normally, Python's ssl module calls settimeout. But the fix for CVE-2023-40217 shuffles this code around, adding a new call to gettimeout before settimeout is called with the cached timeout value. This breaks eventlet's TLS support.
The fix should be rather simple IMO: just remove the Python 2 condition here: https://github.com/eventlet/eventlet/blob/master/eventlet/green/ssl.py#L108
Setting severity to blocker because it breaks the metal platform on OCP 4.11 (and I guess other releases soon).
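As an added example (not code from eventlet, CPython or the linked issue), the following self-contained Python model reproduces the initialization-order interaction described above: a subclass overrides gettimeout/settimeout to use a private _timeout attribute, and the base constructor either calls settimeout first (pre-fix ordering) or consults gettimeout before settimeout (the post-CVE-2023-40217 ordering the report describes). FakeSocket, SSLSocketModel, GreenSSLSocketBroken, GreenSSLSocketFixed and probe are all constructed stand-ins; the real classes and the exact stdlib code path are not reproduced.

```python
"""Model of the timeout-initialization ordering problem described in the report.

Added example: none of these classes are eventlet's or CPython's. They are
constructed stand-ins that reproduce only the ordering the report describes:
a subclass overrides gettimeout()/settimeout() to use a private `_timeout`
attribute, and the base constructor may call gettimeout() before settimeout().
"""


class FakeSocket:
    """Constructed stand-in for the plain socket being wrapped."""

    def __init__(self, timeout):
        self._timeout = timeout

    def gettimeout(self):
        return self._timeout


class SSLSocketModel:
    """Stand-in for the stdlib ssl.SSLSocket constructor's timeout handling.

    patched=False: only settimeout() is called (pre-fix ordering).
    patched=True:  gettimeout() is consulted first (models the post
                   CVE-2023-40217 ordering described in the report).
    """

    def __init__(self, sock, patched):
        self._c_timeout = None             # models the C-level socket state
        sock_timeout = sock.gettimeout()   # timeout to restore on the wrapper
        if patched:
            # New step: read the wrapper's current timeout through the public
            # accessor. If a subclass overrides gettimeout(), its override runs
            # here, even though the subclass __init__ has not finished.
            self._probed = self.gettimeout()
        # Present in both orderings: the cached timeout is applied last.
        self.settimeout(sock_timeout)

    def gettimeout(self):
        return self._c_timeout

    def settimeout(self, timeout):
        self._c_timeout = timeout


class GreenSSLSocketBroken(SSLSocketModel):
    """Wrapper whose _timeout is populated only by settimeout() (the bug)."""

    def __init__(self, sock, patched):
        # _timeout does not exist until settimeout() runs. With the pre-fix
        # ordering that was the first timeout call, so this happened to work.
        super().__init__(sock, patched)

    def gettimeout(self):
        return self._timeout

    def settimeout(self, timeout):
        self._timeout = timeout


class GreenSSLSocketFixed(GreenSSLSocketBroken):
    """Same wrapper, but _timeout is initialized before the base constructor."""

    def __init__(self, sock, patched):
        # Seed the private cache from the wrapped socket first, so gettimeout()
        # is valid at any point during SSLSocketModel.__init__.
        self._timeout = sock.gettimeout()
        super().__init__(sock, patched)


def probe(wrapper_cls, patched, timeout=5.0):
    """Build a wrapper around a socket with the given timeout.

    Returns the wrapper's resulting timeout, or the exception class name if
    construction fails (the failure mode the report describes).
    """
    try:
        return wrapper_cls(FakeSocket(timeout), patched=patched).gettimeout()
    except AttributeError as exc:
        return type(exc).__name__


if __name__ == "__main__":
    for cls in (GreenSSLSocketBroken, GreenSSLSocketFixed):
        for patched in (False, True):
            print(f"{cls.__name__:<22} patched={patched!s:<5} -> "
                  f"{probe(cls, patched)}")
```

Running the block shows the broken wrapper surviving the pre-fix ordering and failing with AttributeError under the patched ordering, while the fixed wrapper yields the expected timeout in both. The same shape works as a regression test for any wrapper class that overrides accessors the base constructor may call: seed the overriding state before delegating to super().__init__, and check construction under both orderings.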