While using "TLS client certificate authentication" with Cloudflare, as described here: https://support.cloudflare.com/hc/en-us/articles/204899617-Authenticated-Origin-Pulls it was noted that TLS1.2 is not working, but everything is ok when Citrix ADC is configured to use TLS1.1 (TLS1.2 disabled).
In a traffic capture it was observed that the SSL handshake is closed.
The reason for this is that Cloudflare is using an ECC (ECDSA) certificate and not RSA, as the image shows:
To solve this, in order:
- Double check that your platform (ssl chips, if it is a SDX/MPX) and/or firmware support ECC.
- If not, disable TLS1.2 and use TLS1.1. Then Cloudflare will use RSA.
ECDSA and RSA certificates are used on each peer, and ECDSA might not be supported on your platform/firmware.
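To confirm which key and signature algorithm a certificate actually carries (the question the capture above answers), here is an added shell example using openssl; it is not part of the original note and builds its own throwaway self-signed ECDSA and RSA certificates so it runs offline.

```shell
#!/bin/sh
# Added example: classify a PEM certificate's public key and signature algorithm.
# Run it against the certificate a peer presents (e.g. the Cloudflare origin-pull
# client certificate exported from the ADC or a capture) before suspecting the
# platform's ECC support.

# Print "EC", "RSA" or "UNKNOWN" for the public key in the certificate at $1.
cert_key_algo() {
  algo=$(openssl x509 -in "$1" -noout -text 2>/dev/null \
         | sed -n 's/^ *Public Key Algorithm: *//p' | head -n1)
  case "$algo" in
    id-ecPublicKey) echo EC ;;
    rsaEncryption)  echo RSA ;;
    *)              echo UNKNOWN ;;
  esac
}

# Print "ECDSA", "RSA" or "UNKNOWN" for the algorithm that signed certificate $1.
cert_sig_family() {
  sig=$(openssl x509 -in "$1" -noout -text 2>/dev/null \
        | sed -n 's/^ *Signature Algorithm: *//p' | head -n1)
  case "$sig" in
    *ecdsa*) echo ECDSA ;;
    *RSA*)   echo RSA ;;
    *)       echo UNKNOWN ;;
  esac
}

# Constructed sample data: two throwaway self-signed certificates (one P-256
# ECDSA, one RSA-2048) written to a temp directory whose path is printed.
make_samples() {
  dir=$(mktemp -d)
  openssl ecparam -name prime256v1 -genkey -noout -out "$dir/ec.key" 2>/dev/null
  openssl req -x509 -new -sha256 -key "$dir/ec.key" -out "$dir/ec.pem" \
          -subj "/CN=ec-sample" -days 1 2>/dev/null
  openssl genrsa -out "$dir/rsa.key" 2048 2>/dev/null
  openssl req -x509 -new -sha256 -key "$dir/rsa.key" -out "$dir/rsa.pem" \
          -subj "/CN=rsa-sample" -days 1 2>/dev/null
  echo "$dir"
}

# Usage: cert_key_algo peer-cert.pem ; cert_sig_family peer-cert.pem
```

If the peer certificate reports `EC` / `ECDSA` and the ADC platform or firmware lacks ECC support, that is the TLS1.2 failure described above; if it reports `RSA`, look elsewhere.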