protocol_version (70): Protocol Version Not Supported
The protocol_version alert (TLS alert code 70) is sent when the server does not support the TLS protocol version that the client attempted to negotiate. In TLS 1.2, this happens when the client's ClientHello specifies a version that the server considers too old or not recognized. In TLS 1.3, the supported_versions extension is used instead, and a server that only supports TLS 1.3 will reject clients that only offer TLS 1.2 or earlier. This alert is becoming more common as servers phase out support for TLS 1.0 and 1.1, and as clients drop SSLv3 and older protocols.
Status
protocol_version (70): Protocol Version Not SupportedExample
$ openssl s_client -connect www.example.com:443 -tls1
CONNECTED(00000003)
...
70:error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version
:ssl/record/rec_layer_s3.c:1543:SSL alert number 70
Alternatively in a browser:
This site can't provide a secure connection
www.example.com uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCHHow to Troubleshoot
Test with specific TLS versions
Try connecting with each TLS version individually to determine which ones the server accepts and which ones it rejects.
echo | openssl s_client -connect yourdomain.com:443 -tls1_2 2>&1 | head -5 && echo '---' && echo | openssl s_client -connect yourdomain.com:443 -tls1_3 2>&1 | head -5
Update the server to support TLS 1.2 and 1.3
Configure the server to support both TLS 1.2 and TLS 1.3 for maximum compatibility. This is the recommended configuration for most production servers.
# Nginx: ssl_protocols TLSv1.2 TLSv1.3; # Apache: SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
Update the client's TLS library
If the client is using an outdated TLS library, update it to a version that supports TLS 1.2 or 1.3. For programming languages, update the runtime (Java, Python, Node.js, etc.) to a recent version.
openssl version
Check server port is accessible
Verify port 443 is open and the server is reachable before investigating protocol version issues.
Scan PortsCommon Causes
Client only supports deprecated TLS versions
highThe client's TLS library only supports TLS 1.0 or TLS 1.1, and the server requires TLS 1.2 or higher. This happens with old operating systems, embedded devices, or legacy applications that have not been updated.
Server only supports TLS 1.3
mediumSome servers are configured to only accept TLS 1.3 connections. Clients that do not support TLS 1.3 (older versions of curl, Java 8 without patches, Python 2.x) will receive this alert.
Server misconfiguration restricting protocol versions
mediumThe server's TLS configuration accidentally excludes commonly needed protocol versions. For example, setting ssl_protocols to only TLSv1.3 in Nginx when many clients still require TLS 1.2.
Quick Diagnostics
Related Error Codes
SSL Version or Cipher Mismatch
The browser and server could not agree on a supported SSL/TLS version or cipher suite.
SSL Protocol Error
The browser could not establish a secure connection because the SSL/TLS protocol negotiation failed.
TLS Handshake Failure
The TLS handshake could not be completed because the client and server failed to negotiate acceptable security parameters.
Insufficient Security
The server rejected the cipher suites offered by the client because they do not meet minimum security requirements.
Frequently Asked Questions
This reference was compiled from official RFCs, protocol specifications, and hands-on troubleshooting experience. AI tools were used primarily for formatting and organizing the content on the page.