Type: Change Request
Resolution: Unresolved
Priority: Trivial
Fix Version/s: None
Affects Version/s: 4.0.12, 4.2.6, 4.4.0alpha3
Environment: CentOS 7.7, native openssl - OpenSSL 1.0.2k-fips 26 Jan 2017
It's my first problem report, so if there is something I did wrong, please say so.
Steps to reproduce:
For CentOS 7.7
In the Zabbix agent:
Have a certificate (for instance a site ECDSA HTTPS certificate), add it to the agent config, and then restart the agent.
TLSConnect = cert
TLSAccept = cert
# OS CA list for certificate chain validation
TLSCAFile = /etc/pki/tls/certs/ca-bundle.crt
# Zabbix agent (CLIENT) certificate/chain and private key
TLSCertFile = /path/to/your/<intermediate-and-ecdsa-certificate>.pem
TLSKeyFile = /path/to/your/<private-ecdsa-key>.pem
In the Zabbix server:
Have a certificate (for instance a site ECDSA HTTPS certificate), add it to the server config, and then restart the Zabbix server.
# OS CA list for certificate chain validation
TLSCAFile = /etc/pki/tls/certs/ca-bundle.crt
# Zabbix SERVER certificate/chain and private key
TLSCertFile = /path/to/your/<intermediate-and-ecdsa-certificate>.pem
TLSKeyFile = /path/to/your/<private-ecdsa-key>.pem
Result:
ECDSA certificates/private keys don't work.
Expected:
Using ECDSA certificates/private keys with no issues.
Additional comments:
The problem seems to be that the ECDHE cipher suite list is hardcoded, only allowing RSA keys (for certificate mode), and then PSK:
#define ZBX_CIPHERS_CERT_ECDHE "EECDH+aRSA+AES128:"
Here: https://github.com/zabbix/zabbix/blob/master/src/libs/zbxcrypto/tls.c#L3241-L3242
Maybe by just changing from
#define ZBX_CIPHERS_CERT_ECDHE "EECDH+aRSA+AES128:"
to
#define ZBX_CIPHERS_CERT_ECDHE "EECDH+aECDSA+AES128:EECDH+aRSA+AES128:"
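As an added check (this is example code, not part of the report or of Zabbix's tls.c), the snippet below feeds both cipher strings quoted above through OpenSSL via Python's ssl module and lists which certificate authentication algorithms each one admits for ECDHE suites, which is exactly what decides whether an ECDSA certificate can complete the handshake. The constant and function names are the example's own.

```python
import ssl

# The two cipher strings from the report: the current #define and the
# proposed replacement.  Named after the macro for readability only.
ZBX_CIPHERS_CERT_ECDHE_CURRENT = "EECDH+aRSA+AES128:"
ZBX_CIPHERS_CERT_ECDHE_PROPOSED = "EECDH+aECDSA+AES128:EECDH+aRSA+AES128:"


def ecdhe_suites(cipher_string):
    """Expand an OpenSSL cipher string and return the TLS 1.2 ECDHE suites it
    selects as (name, auth) pairs, in negotiation order.  TLS 1.3 suites are
    always present in the context and are not governed by this string, so
    they are dropped via the key-exchange field ('kx-any' rather than
    'kx-ecdhe')."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [(c["name"], c["auth"]) for c in ctx.get_ciphers()
            if c["kea"] == "kx-ecdhe"]


def auth_algorithms(cipher_string):
    """Set of certificate authentication algorithms (e.g. 'auth-rsa',
    'auth-ecdsa') a peer may present under this cipher string."""
    return {auth for _, auth in ecdhe_suites(cipher_string)}


def cert_usable(cipher_string, key_algorithm):
    """True if a certificate whose key is 'rsa' or 'ecdsa' can be used for an
    ECDHE handshake restricted to this cipher string."""
    return f"auth-{key_algorithm}" in auth_algorithms(cipher_string)


if __name__ == "__main__":
    for label, s in (("current", ZBX_CIPHERS_CERT_ECDHE_CURRENT),
                     ("proposed", ZBX_CIPHERS_CERT_ECDHE_PROPOSED)):
        print(f"{label}: {s}")
        for name, auth in ecdhe_suites(s):
            print(f"  {name:<32} {auth}")
        print(f"  ECDSA cert usable: {cert_usable(s, 'ecdsa')}, "
              f"RSA cert usable: {cert_usable(s, 'rsa')}")
```

The same expansion can be seen outside Python with `openssl ciphers -v '<string>'`; with the current string no ECDHE-ECDSA-* suite appears, which is why the ECDSA certificate is never negotiable.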