You need to set minimumSupportedRelay to 0.0.0 to allow open client registration on relays. You can still enable client authentication on specific relays like those in the DMZ on a case by case basis.
The issue is that if this value is unset / unconfigured on new deployments, then it defaults to 9.5.6 while on older deployments that have been upgraded, it defaults to 0.0.0
You can see what this is set to in your deployment by consulting a current masthead / actionsite file and look for the line starting with x-bes-minimum-supported-relay-level and see what the value is set to. If this line does not exist at all in the masthead, then I believe it is considered to be effectively 0.0.0