Comment 4 for bug 1782650

I've done some more digging.

It's definitely related to the upgrade from v2 to v3. My syslog from the nagios server reports errors such as:
check_nrpe: Error: (!log_opts) Could not complete SSL handshake with xxx.xxx.xxx.xxx: dh key too small

This page describes the compatibility of v3: https://support.nagios.com/kb/article/nrpe-v3-compatibility-with-previous-versions-516.html. It states:

"A 2048-bit DH key is used instead of a 512-bit key"

which very likely is the cause of the issue. The same pages provides a workaround:

"Force the plugin to send v2 packets
Using the -2 argument will force the plugin to connect with v2 packets
/usr/local/nagios/libexec/check_nrpe -2 -H centos12"

This workaround doesn't work on 18.04. I also tried with -P 1024 as suggested in some other places, to no avail.