If you are using the default log settings, these entries will be logged in the access.log with a Response.StatusCode of 500.
If you add the property Message.TemplateName to that log, you will see entries that have "handshakefailed" for the Message.TemplateName value.
The handshake failed page is an internal proxy page which you can view by accessing the Edit functionality for any block page and then looking under the File System section for the handshakefailed.html file.
Based on how I've seen MWG behave, MWG retrieves the server's certificate when you enable certificate verification. If MWG cannot negotiate the appropriate protocol values with the remote server, the connection will fail with a handshake failed message.
You could set up a custom log handler that triggers of Message.TemplateName = "handshakefailed" and have it generate entries that include whatever information you're interested in. For example:
2014-11-09 20:57:57,500,HTTP,sodexhoinfo-usa.com,18.104.22.168,handshakefailed,GET,error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number,CERTVERIFY TLSv1,https://sodexhoinfo-usa.com/
Sample rule set attached.