I spent some time debugging this in a fresh sid debootstrap, using tcpdump to capture the handshakes and analyzing them with Wireshark. I also tested with my local browser (Chrome on Windows 7) for comparison, which worked. I narrowed it down to Atlassian's webservers requiring the presence of the rsa_pkcs1_sha1 signature algorithm in the signature algorithm list of the handshake, even though this algorithm is never used. The openssl cipherlist preference of "DEFAULT@SECLEVEL=2" prevents this algorithm from being added to the list, even if explicitly given via openssl s_client's sigalgs parameter. Changing the cipherlist to "DEFAULT@SECLEVEL=1" doesn't change the ciphers offered, but does allow rsa_pkcs1_sha1 to be sent in the signature algorithm list, and the handshake succeeds. The only difference between the values of SECLEVEL is that 1 includes the 3 SHA1 signature algorithms (1 each for DSA, RSA, and ECDSA) in the signature algorithm list, whereas 2 does not.
-dwfreed