Comment 5 for bug 1397685

There are several issues with TLS connections and the F5 firewall, and that looks like the case. That firewall terminates a TLS session if the client hello is between 256 and 512 bytes. If that is the case you can verify using wireshark.

The solution we adopted in later versions of gnutls is to add padding:
https://gitlab.com/gnutls/gnutls/commit/b6d29bb1737f96ac44a8ef9cc9fe7f9837e20465