I believe that there might be two entirely different problems on Android 7.0 - Altough I haven’t verified this yet.
There’s currently one user which apparently only has TLS 1.0 support. This is really strange and at this point I have no explanation for it - it may be related to a very specific setup, or it’s caused by another issue.
The second issue that may arise when TLS 1.2 is enabled on Android 7.0 is that the handshake will fail, due to incompatible cipher suites. Right now, this problem is entirely hypothetical, so it may not exist at all.
Looking at the link you send, there are indeed ciphers with RSA (some for signing only and some for signing and secret transport [no PFS]). But if my TLS understanding is correct, these ciphers can only be used when the certificate is RSA. This is likely the case for older syncthing installs, but as I showed above it is not the case for new installs - those use ECDSA and therefore the ciphers with RSA signing cannot be used.
This explains the image I posted above - only ciphers with ECDSA signing are available. This effectively kills everything that is not fully ECC with PFS.
And that constellation is, according to known bugs, unsupported on Android 7.0 because the elliptic curve used doesn’t work.
I tried to verify this in an Android emulator, but the Chrome browser inbuild has it’s own TLS stack which is not affected by the issue. And in the Syncthing-Fork app I can’t force TLS, it seems to always fall back to HTTP. Maybe @Catfriend1 can do a test build with TLS forced, which can then be tested on 7.0, to see whether this issue actually exists or if all of this was just noise.