"Connection refused", generally means that your server (sometimes this can be a firewall too - although firewalls tend to more often just silently drop packets) is sending a RST packet to an attempt to connect. Check with netstat and see if Nginx is bound to your public IP on :443

As for your question on SSL config -- it is valid in both the http and server context, ref. http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols

Your configuration seems to be that you have one certificate, and two virtual hosts, that respond to different host-headers.

for the first one, you probably mean:

server_name foo.com bar.foo.com;

or do you mean to have it as a catch-all for "*.foo.com"

Are you only trying to enable SSL3 for "foobar.foo.com" and have only "TLSv1.1 TLSv1.2" for the other one?

Lastly, maybe give some more stuff to work with here, like your actual URLs, and your full configuration.