Netcipher and Retrofit on Android 4.4

I am trying to get older android devices (4.4 and 7.0) to connect to TLS1.2 servers but I keep getting:

javax.net.ssl.SSLProtocolException: 
SSL handshake aborted: ssl=0xb9585240: Failure in SSL library, usually a protocol error
error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version (external/openssl/ssl/s23_clnt.c:741 0x9891f990:0x00000000)

I have implemented the netcipher library but I am not sure if Retrofit is actually using it:

OkHttpClient.Builder okHttpClientBuilder = new OkHttpClient.Builder()
        .addInterceptor(new AuthorizationInterceptor());

// TODO: add Tor support
Intent statusIntent = new Intent();
statusIntent.putExtra(OrbotHelper.EXTRA_STATUS, OrbotHelper.STATUS_OFF);

try {

    OkHttpClient client = StrongOkHttpClientBuilder
            .forMaxSecurity(context)
            .withWeakCiphers()
            .applyTo(okHttpClientBuilder, statusIntent)
            .build();

    retrofit = new retrofit2.Retrofit.Builder()
            .client(client)
            .baseUrl(baseUrl)
            .addConverterFactory(GsonConverterFactory.create())
            .build();

} catch (Exception e) {
    e.printStackTrace();
}

Full source code is available here: https://github.com/sschueller/peertube-android/blob/netcipher/app/src/main/java/net/schueller/peertube/network/RetrofitInstance.java

Nginx configuration: https://github.com/Chocobozzz/PeerTube/blob/develop/support/nginx/peertube

Any suggestion on what I may be doing wrong or is it not possible to talk to a TLS 1.2 server without android play services?