This was a multifunction copier (MFC) failing scan to email. A packet capture shows a fatal error in the early stages of TLS negotiation.
I was never able to find the exact cause of the failure. The MFC was an effective black-block so unfortunately there was no access to verbose logs.
The packet capture shows a standard RFC5246 TLS handshake with compatibile protocol version
0x0301 and cipher
0x0035 between the server and client. Despite this the MFC terminated the connection.
You can download a pcap of this sequence here. If you figure out the root cause let me know - I'd love to solve this.
Fig1. The full sequence.
Fig2. The client hello.
Fig3. The server hello, certificate requests, and server done.
Fig4. The handshake fatal error.
You can download a pcap of this sequence here.