Agent checks for net.tcp.service[https...] as well as web scenarios broke when target server was reconfigured to disallow TLS V1.0 protocol (forcing TLS 1.1, 1.2). Web scenario reports error message "SSL connect error: Encountered end of file".

Underlying issue with curl (shell command) attempting to connect to same URL generates "NSS error -5938 (PR_END_OF_FILE_ERROR)" and error 35, but forcing protocol with '--tlsv1.1' option does connect happily. However, no way to do this in UI, and it's not clear why current implementation won't negotiate >= 1.1 since it's capable.