Hi Graham,

"reset by peer" means "the peer sent us a TCP RST packet".  Why did it send it?  We have no way to know without seeing its logs.  It could be an IP blocklist, unsupported TLS version, or something completely different.  Sending a generic TCP RST packet rather than a specific TLS alert is a bad, but also quite common practice.

I'd try connecting the service with openssl s_client first to identify supported protocols and cipherauites.

If you pay for the service, you could likely contact their customer support.

Best regards,
  Mike