iOS security bug – TLS mutual-auth fails with client elliptic curve keys

  • While this is a "bug" pertaining to "security", it doesn't look like a vulnerability; rather, if I'm reading it right, it looks like a compat/interop flaw: if your app uses TLS client certificates (like 0.001% of all apps) to talk to a 3rd party server, and you use ECC ciphersuites, the iOS SecureTransport library aborts the TLS connection.

    Here's how big a deal this bug is: the feature they're talking about apparently flat-out doesn't work, they were the first people to figure that out, and this bug is the only place on the Internet that currently documents the fact.

    In other words: not necessarily that big of a deal.

    It's too bad, I guess, because more mobile apps should take advantage of TLS client certs; custom code that talks TLS can use them much more easily than browsers can.

  • This is a bug in NSS. Here's the corresponding bug I filed against Chromium: https://code.google.com/p/chromium/issues/detail?id=349775

  • If you're an iOS dev, would really appreciate a dupe of the rdar. It's been an issue for a long time, apparently, and Apple needs some pressure to fix it, or at the very least stop saying it works and document the error.

    If you want to see the error in action, check out https://github.com/josephhainline/AppleBugTLSConnectionFails...