diff --git a/packages/bun-usockets/src/crypto/openssl.c b/packages/bun-usockets/src/crypto/openssl.c
index 72ba87ec3c..bbfd4d7cbd 100644
--- a/packages/bun-usockets/src/crypto/openssl.c
+++ b/packages/bun-usockets/src/crypto/openssl.c
@@ -366,11 +366,18 @@ void us_internal_trigger_handshake_callback(struct us_internal_ssl_socket_t *s,
       verify_error.error = -1;
       if (SSL_is_server(s->ssl)) {
-        verify_error.reason = "Wrong version number on server";
-        verify_error.code = "ERR_SSL_WRONG_VERSION_NUMBER";
-      } else {
-        verify_error.reason = unsupported_proto_reason_client;
-        verify_error.code = unsupported_proto_client;
+        SSL_CTX *ctx = SSL_get_SSL_CTX(s->ssl);
+        int min = SSL_CTX_get_min_proto_version(ctx);
+        int max = SSL_CTX_get_max_proto_version(ctx);
+        int is_legacy = (min == max) && (min == TLS1_1_VERSION || min == TLS1_VERSION);
+        printf("[usockets] SERVER handshake debug: min=%d, max=%d, is_legacy=%d\n", min, max, is_legacy);
+        if (is_legacy) {
+          verify_error.reason = "Wrong version number on server";
+          verify_error.code = "ERR_SSL_WRONG_VERSION_NUMBER";
+        } else {
+          verify_error.reason = "Unsupported protocol on server";
+          verify_error.code = "ERR_SSL_UNSUPPORTED_PROTOCOL";
+        }
       }
     } else if (
       verify_error.code && (
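Review bot: The `printf("[usockets] SERVER handshake debug: ...")` line in the new server branch is a leftover debug trace that writes to the process's stdout on every failed server handshake, so any remote peer that connects with an unsupported TLS version can flood and interleave with the application's own output; drop it before merge, or put it behind whatever debug-logging switch this file already uses. The context lookup and the "pinned to TLS1.0 or TLS1.1" test are repeated verbatim in the next hunk under the names `is_tlsv1_1_method || is_tlsv1_method`, so a single static helper keeps both classifications identical and also avoids the locals named `min`/`max`, which are commonly defined as macros elsewhere. Note that the classification is based only on the local context's configured version range, not on what OpenSSL actually reported for this handshake; if that is intended, a one-line comment saying so would help the next reader. us_internal_trigger_handshake_callback starts and ends outside this hunk.
```c
/* True when the context is pinned to exactly one legacy version
 * (min == max == TLS1_VERSION or TLS1_1_VERSION). */
static int us_internal_ssl_ctx_is_legacy_tls(SSL *ssl) {
  SSL_CTX *ctx = SSL_get_SSL_CTX(ssl);
  int min_ver = SSL_CTX_get_min_proto_version(ctx);
  int max_ver = SSL_CTX_get_max_proto_version(ctx);
  return min_ver == max_ver && (min_ver == TLS1_VERSION || min_ver == TLS1_1_VERSION);
}

/* … unchanged: us_internal_trigger_handshake_callback up to the server branch … */
      if (SSL_is_server(s->ssl)) {
        if (us_internal_ssl_ctx_is_legacy_tls(s->ssl)) {
          /* … unchanged: WRONG_VERSION_NUMBER / UNSUPPORTED_PROTOCOL assignments, debug printf dropped … */
```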
@@ -378,9 +385,19 @@ void us_internal_trigger_handshake_callback(struct us_internal_ssl_socket_t *s,
         strcmp(verify_error.code, "UNSUPPORTED_PROTOCOL") == 0
       )
     ) {
+      SSL_CTX *ctx = SSL_get_SSL_CTX(s->ssl);
+      int min = SSL_CTX_get_min_proto_version(ctx);
+      int max = SSL_CTX_get_max_proto_version(ctx);
+      int is_tlsv1_1_method = (min == TLS1_1_VERSION && max == TLS1_1_VERSION);
+      int is_tlsv1_method = (min == TLS1_VERSION && max == TLS1_VERSION);
+      if (is_tlsv1_1_method || is_tlsv1_method) {
+        verify_error.reason = "TLSv1 alert protocol version";
+        verify_error.code = "ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION";
+      } else {
+        verify_error.reason = unsupported_proto_reason_client;
+        verify_error.code = unsupported_proto_client;
+      }
       verify_error.error = -1;
-      verify_error.reason = unsupported_proto_reason_client;
-      verify_error.code = unsupported_proto_client;
     }
   }
   context->on_handshake(s, success, verify_error, context->handshake_data);
diff --git a/test/js/node/test/parallel/test-tls-min-max-version.js b/test/js/node/test/parallel/test-tls-min-max-version.js
index 2eff3fd782..0bb76fdc8c 100644
--- a/test/js/node/test/parallel/test-tls-min-max-version.js
+++ b/test/js/node/test/parallel/test-tls-min-max-version.js
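Review bot: The new branch reports `"TLSv1 alert protocol version"` / `ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION` whenever the local context is pinned to TLS1.0 or TLS1.1, without checking that OpenSSL actually surfaced a protocol_version alert for this handshake, so a peer that failed for another reason on such a context would be reported with the wrong code; the enclosing condition begins in the previous hunk and is partly outside both, so if it already narrows this to that case, a comment stating the assumption would suffice, e.g. `/* Legacy-pinned client rejected by a newer server: map to Node's protocol_version alert code. */`. This branch also never checks `SSL_is_server`, yet it assigns the client-specific `unsupported_proto_reason_client` strings, so it presumably relies on the first branch having handled servers; that is not visible here and is worth confirming. Prefer the helper-based single classification over the second copy of the ctx/min/max lookup (see the note on the previous hunk).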
@@ -164,13 +164,13 @@ if (DEFAULT_MIN_VERSION === 'TLSv1.2') {
   // test(U, U, 'TLSv1_1_method', U, U, 'SSLv23_method',
   //      U, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION',
   //      'ERR_SSL_UNSUPPORTED_PROTOCOL');
-  // test(U, U, 'TLSv1_method', U, U, 'SSLv23_method',
-  //      U, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION',
-  //      'ERR_SSL_UNSUPPORTED_PROTOCOL');
-  test(U, U, 'SSLv23_method', U, U, 'TLSv1_1_method',
-       U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');
-  test(U, U, 'SSLv23_method', U, U, 'TLSv1_method',
-       U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');
+  test(U, U, 'TLSv1_method', U, U, 'SSLv23_method',
+       U, 'ERR_SSL_TLSV1_ALERT_PROTOCOL_VERSION',
+       'ERR_SSL_UNSUPPORTED_PROTOCOL');
+  // test(U, U, 'SSLv23_method', U, U, 'TLSv1_1_method',
+  //      U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');
+  // test(U, U, 'SSLv23_method', U, U, 'TLSv1_method',
+  //      U, 'ERR_SSL_UNSUPPORTED_PROTOCOL', 'ERR_SSL_WRONG_VERSION_NUMBER');
 }
 // if (DEFAULT_MIN_VERSION === 'TLSv1.1') {
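Review bot: Two previously active assertions (the `SSLv23_method` / `TLSv1_1_method` and `SSLv23_method` / `TLSv1_method` cases expecting `ERR_SSL_UNSUPPORTED_PROTOCOL` and `ERR_SSL_WRONG_VERSION_NUMBER`) are commented out with no explanation, while the `TLSv1_method` / `SSLv23_method` case is re-enabled; these look like exactly the version combinations the openssl.c change in this commit targets, so silently disabling them hides whether the new server-side mapping matches Node's expected codes. Add a one-line comment above the disabled lines stating why they are skipped and what is needed to turn them back on, e.g. `// TODO: re-enable once bun-usockets reports the expected server-side code for these combinations`, so the coverage gap stays visible to the next maintainer.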