If anyone experiences trouble with Android 7.0 clients other than Chrome and Firefox which are shipped with their own TLS stacks: It appears that there is a regression in Android 7.0 (said to be fixed in 7.1.1 at least) where the only elliptic curve available from the system TLS stack is prime256v1.
This affects both the list of curves for ECDHE key handshake as well as the supported curves for the ECC key of the server. The former can be easily fixed on the server by enabling prime256v1 but the latter requires the generation of a new key that doesn’t use any stronger curve.
Note that while Chrome (also on Android) already supports curve x25519, even in Android 7.1.1 the only supported curves for apps using the system stack are old standard curves.