@bgstein - Glad you were able to find the solution. Please don't forget to click "Accept" to close out your question so others can easily find it. Thank you.

Interesting - this issue is for compatibility for versions < 5.0 -- we are running thousands of UF instances all v 6.1 or greater (most 6.5+) and still seeing the issue.

So quick followup @aaraneta (hoping you can help) -- I updated the the certs per the 6.6.0 documentation/read-me-first-documentation (via distribution server) on ALL of our UFs/Heavy-Forwarders in an attempt to resolve this and still getting the errors. - we have upgraded our "Heavy" infrastructure remotely (SHs/Indexers/LicServer/Heavy-forwarders, etc) fully to 6.6.0 except for our distribution server (v6.5.2) -->if we cannot talk to UFs instances < 6.6.0 we'll be in a bad place until resolved -- yes we have also remotely upgraded "most-all" of our UFs to v6.6.0, however due to a lag in the cloud with getting our AMI's updated (our lag, not Splunk's) - cannot rely on new-ami-rollout with splunk-6-6.+ for a bit yet, So appreciate any info or feedback to help resolve (no, we have not as yet opened a ticket with support as yet - process tends to less efficient)

Did some quick testing here and it seems that the SSL changes in 6.6.0 broke communications with anything earlier than 6.4.x. I am unable to upgrade all our UF's to the new version, so currently about 1/3 of our environment is "broken". I have a case open with splunk support - waiting for a response.
If I tweak the SSL settings on the DS so it can talk to the forwarders, that breaks SSL with our License Master.

Same thing here. Seeing all 6.1.x and 6.2.x forwarders impacted.