Index: generic/tlsIO.c
==================================================================
--- generic/tlsIO.c
+++ generic/tlsIO.c
@@ -158,11 +158,10 @@
 	    *errorCodePtr = ECONNABORTED;
 	} else {
 	    dprintf("Asked to wait for a TLS handshake that has already failed.  Returning soft error");
 	    *errorCodePtr = ECONNRESET;
 	}
-	Tls_Error(statePtr, "Wait for failed handshake");
 	return -1;
     }
 
     for (;;) {
 	ERR_clear_error();

Index: tests/tlsIO.test
==================================================================
--- tests/tlsIO.test
+++ tests/tlsIO.test
@@ -2037,18 +2037,18 @@
         set ::done $msg
     }
     # NOTE: when doing an in-process client/server test, both sides need
     # to be non-blocking for the TLS handshake
 
-    # Server - Only accept TLS 1.2
+    # Server - Only accept TLS 1.3
     set s [tls::socket \
         -certfile $serverCert -cafile $caCert -keyfile $serverKey -request 0 \
-	-require 0 -ssl2 0 -ssl3 0 -tls1 0 -tls1.1 0 -tls1.2 1 -tls1.3 0 \
+	-require 0 -ssl2 0 -ssl3 0 -tls1 0 -tls1.1 0 -tls1.2 0 -tls1.3 1 \
         -server Accept 8831]
-    # Client - Only propose TLS1.0
+    # Client - Only propose TLS1.2
     set c [tls::socket -async -cafile $caCert -request 0 -require 0 \
-	-ssl2 0 -ssl3 0 -tls1 1 -tls1.1 0 -tls1.2 0 -tls1.3 0 localhost 8831]
+	-ssl2 0 -ssl3 0 -tls1 0 -tls1.1 0 -tls1.2 1 -tls1.3 0 localhost 8831]
     fconfigure $c -blocking 0
     puts $c a ; flush $c
     after 5000 [list set ::done timeout]
     vwait ::done
     switch -exact -- $::done {
@@ -2055,10 +2055,12 @@
         "handshake failed: wrong ssl version" -
         "handshake failed: unsupported protocol" {
             set ::done "handshake failed: wrong version number"
         }
     }
+    catch {close $c}
+    catch {close $s}
     set ::done
 } {handshake failed: wrong version number}
 
 # cleanup
 if {[string match sock* $commandSocket] == 1} {