Android Firefox instant "download failed" from self-hosted server

Posting to collect potential answers, might not be able to investigate for a while.

I tried both NGINX and Caddy to serve static files on my site. On Google Pixel stock Android, Firefox instantly shows a “Download failed” message when trying to download files from my site.
I can open the files in-browser to see their content, but downloading them fails.
Tried some popular sites instead, and downloading from them works.
On PC (Win/Fedora & Chrome/Firefox) no problem downloading from my site.

Caddy config (trying to download files under /files/ path)
	renew_interval 1d
	auto_https disable_redirects

https://my.url.tld:443 {
	root * /var/www/html/
	file_server /files/* {
		root /var/www/
	reverse_proxy /vaultwarden/* http://[::1]:8000
	reverse_proxy /dns-query h2c://[::1]:53
	handle_path /syncthing/* {
		reverse_proxy http://[::1]:8384
	tls {
		protocols tls1.3
		alpn h3 h2
	header {
		Strict-Transport-Security "max-age=31536000; includeSubDomains"
	encode zstd gzip
nginx config
user  nginx;
worker_processes  auto;
error_log  /var/log/nginx/error.log  warn;
pid  /run/;

events {
    worker_connections  1024;

http {
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    types_hash_max_size 4096;

    access_log  off;

    sendfile            on;
    tcp_nopush          on;

    gzip  on;

    root        /usr/share/nginx/html;
    error_page  404              /404.html;
    error_page  500 502 503 504  /50x.html;

    # include  /etc/nginx/conf.d/*.conf;

    server {
        listen       443 ssl http2;
        server_name  my.url.tld;
        root         /usr/share/nginx/html;

        ssl_certificate      "/etc/pki/nginx/fullchain.cer";
        ssl_certificate_key  "/etc/pki/nginx/private/my.url.tld.key";
        ssl_protocols        TLSv1.3;
        ssl_stapling         on;
        resolver             [::1]:53;
        ssl_stapling_verify  on;
        ssl_session_cache    none;
        ssl_session_timeout  1d;
        ssl_ciphers          PROFILE=SYSTEM;
        ssl_prefer_server_ciphers  off;
        add_header  Strict-Transport-Security  "max-age=31536000; includeSubDomains"  always;
        location /files/ {
            autoindex  on;



The built-in downloader in Firefox mobile probably doesn’t support TLS 1.3.
Allowed TLS 1.2 without any other modification, and it worked.