Kafka connect REST api SSL setup

I currently have Zookeeper <-> Kafka <-> Kafka Connect up and running with end to end SSL/SASL. Now I'm trying to secure the Kafka Connect REST api. I'm starting with getting https SSL working.

My connect-standalone.properties:

bootstrap.servers=kafka01.xxx.com:9093

listeners=http://kafka01.xxx.com:8083,https://kafka01.xxx.com:8084

rest.advertised.listener=https

listeners.https.ssl.client.auth=none
listeners.https.ssl.truststore.location=/progra~1/kafka_2.12-2.4.0/config/kafka.truststore.jks
listeners.https.ssl.truststore.password=xxx
listeners.https.ssl.keystore.location=/progra~1/kafka_2.12-2.4.0/config/kafka01.keystore.jks
listeners.https.ssl.keystore.password=xxx
listeners.https.ssl.key.password=xxx
listeners.https.ssl.enabled.protocols=TLSv1.2

Connect starts up with no issues. I then do:

curl -vvv -X GET --tlsv1.2 http://kafka01.xxx.com:8083/connectors

And get the correct response. When I do:

curl -vvv -X GET --tlsv1.2 https://kafka01.xxx.com:8084/connectors

I get the following:

Note: Unnecessary use of -X or --request, GET is already inferred.
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to kafka01.xxx.com (127.0.0.1) port 8084 (#0)
* schannel: SSL/TLS connection with kafka01.xxx.com port 8084 (step 1/3)
* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 190 bytes...
* schannel: sent initial handshake data: sent 190 bytes
* schannel: SSL/TLS connection with kafka01.xxx.com port 8084 (step 2/3)
* schannel: failed to receive handshake, need more data
* schannel: SSL/TLS connection with kafka01.xxx.com port 8084 (step 2/3)
* schannel: encrypted data got 7
* schannel: encrypted data buffer: offset 7 length 4096
* schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.
* Closing connection 0
* schannel: shutting down SSL/TLS connection with kafka01.xxx.com port 8084
* schannel: clear security context handle
curl: (35) schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.

Ran
openssl s_client -connect kafka01.xxx.com:8084 -state -debug
and got:

SSL_connect:SSLv3/TLS write client hello
read from 0x1b7091f7180 [0x1b70920c143] (5 bytes => 5 (0x5))
0000 - 15 03 03 00 02                                    .....
read from 0x1b7091f7180 [0x1b70920c148] (2 bytes => 2 (0x2))
0000 - 02 28                                             .(
SSL3 alert read:fatal:handshake failure
SSL_connect:error in error
82528:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl\record\rec_layer_s3.c:1536:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 327 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
read from 0x1b7091f7180 [0x1b7091e61d0] (8192 bytes => 0 (0x0))