While reviewing https://gerrit.wikimedia.org/r/c/operations/software/transferpy/+/859007 I've noticed that at least on bullseye with openssl 1.1.1n-0+deb11u3, openssl enc issues a WARNING when PBKDF2 isn't used:
*** WARNING : deprecated key derivation used. Using -iter or -pbkdf2 would be better.
I'd recommend adding -iter 310000 (enables PBKDF2 with 310k iterations). The 310k comes from https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html:
If FIPS-140 compliance is required, use PBKDF2 with a work factor of 310,000 or more and set with an internal hash function of HMAC-SHA-256.