Unless you are trying to implement MaTLS then only the cert of the upstream service will be in scope so the https://httpbin.org cert is a different cert from a different issuing authority.
If it is a legitimate cert and not self signed then the ssl_insecure_skip_verify won’t make any difference.
You may need to explicitly define which ciphers to use as per here: TLS and SSL
or use server elected ciphers:
{
“http_server_options”: {
“prefer_server_ciphers”: true
}
}