I think I found what you mean: It’s probably this: https://community.letsencrypt.org/t/warning-android-7-0-clients-not-browsers-can-only-use-curve-prime256v1/23212, https://issuetracker.google.com/issues/37122132.
So yeah, this affects both ECDHE exchanges as well as ECC certificates. The syncthing https certificates are probably ECC? Otherwise, if the certificate is not a problem a fallback to something like DHE-RSA-AES256-GCM-SHA384 or DHE-RSA-AES128-GCM-SHA256 would be totally fine, as long as >= 2048 bit numbers are used in DH and RSA.
It justs feels wrong to say “sorry, but TLS 1.2 doesn’t work on Android 7.0, an OS which is has a market share of 18.1% worldwide.”