This was a multifunction copier (MFC) failing scan to email. A packet capture shows a fatal error in the early stages of TLS negotiation.

I was never able to find the exact cause of the failure. The MFC was an effective black-block so unfortunately there was no access to verbose logs.

The packet capture shows a standard RFC5246 TLS handshake with compatibile protocol version 0x0301 and cipher 0x0035 between the server and client. Despite this the MFC terminated the connection.

You can download a pcap of this sequence here. If you figure out the root cause let me know - I'd love to solve this.

Screencaps

Fig1. The full sequence.

Fig2. The client hello.

Fig3. The server hello, certificate requests, and server done.

Fig4. The handshake fatal error.

You can download a pcap of this sequence here.