Preliminary analysis is that something in the server's ssl hello is causing the connection to get sniped. Presumably another function of our server-side ssl cert.