openssl s_client -connect hostname:port -tls1_2

Yesterday our developer found that our production site had the following warning,

TLS_1

However for the same cert, this issue was not seen on our test site,

TLS_2

Checked the SSLs on both of servers and found,

Production server:

C:\Users\huangluohua>openssl s_client -connect ${production_site}:${port} -tls1_2
CONNECTED(000001D8)
11856:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:
362:

no peer certificate available

No client certificate CA names sent

SSL handshake has read 5 bytes and written 7 bytes

New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol  : TLSv1.2
Cipher    : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg   : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1513245049
Timeout   : 7200 (sec)
Verify return code: 0 (ok)

Test server:
C:\Users\huangluohua>openssl s_client -connect ${test_site}:${port} -tls1_2

No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits

SSL handshake has read 4927 bytes and written 444 bytes

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Bingo! The connection between the client and production server got stopped when doing TCP handshake! The solution is to configure TLSv1.2 supported on production server!