diff --git a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
index 10862d5a6e1..ca1ccde101c 100644
--- a/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
+++ b/netty/src/test/java/io/grpc/netty/ProtocolNegotiatorsTest.java
@@ -48,6 +48,7 @@
 import io.grpc.ServerCredentials;
 import io.grpc.ServerStreamTracer;
 import io.grpc.Status;
+import io.grpc.StatusException;
 import io.grpc.StatusRuntimeException;
 import io.grpc.TlsChannelCredentials;
 import io.grpc.TlsServerCredentials;
@@ -132,6 +133,7 @@
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLHandshakeException;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.TrustManagerFactory;
 import org.junit.After;
@@ -415,8 +417,16 @@ public void from_tls_clientAuthRequire_noClientCert() throws Exception {
         .trustManager(caCert)
         .build();
     Status status = expectFailedHandshake(channelCreds, serverCreds);
-    if (!"ssl exception".equals(status.getDescription())) {
-      assertThat(status.getDescription()).startsWith("io exception");
+    assertEquals(Status.Code.UNAVAILABLE, status.getCode());
+    StatusException sre = status.asException();
+    // because of netty/netty#11604 we need to check for both TLSv1.2 and v1.3 behaviors
+    if (sre.getCause() instanceof SSLHandshakeException) {
+      assertThat(sre).hasCauseThat().isInstanceOf(SSLHandshakeException.class);
+      assertThat(sre).hasCauseThat().hasMessageThat().contains("SSLV3_ALERT_HANDSHAKE_FAILURE");
+    } else {
+      // Client cert verification is after handshake in TLSv1.3
+      assertThat(sre).hasCauseThat().hasCauseThat().isInstanceOf(SSLException.class);
+      assertThat(sre).hasCauseThat().hasMessageThat().contains("CERTIFICATE_REQUIRED");
     }
   }