I watched some network traffic, and I wonder if this might be related:
RP appears to be hardcoded to use TLSv1.2, which is supported by the XEP.
M1ToGo does not specify a protocol level. Instead, it leaves the choice of protocol to the Operating System. It appears that Windows wants to use TLSv1.3, which fails to connect.
If I go to a Linux machine and run
openssl s_client -connect IP_OF_M1XEP:2601 -tls1_2, I see that the connection works. However, if I run
openssl s_client -connect IP_OF_M1XEP:2601 -tls1_3, I see an SSL Handshake failure on the client side and the “Trace” dialog has the same “Secure SSL negotiation failed, code: -3” error message.
The thing I don’t yet know is why this should change depending on the XEP firmware version.