diff --git a/nfq/protocol.c b/nfq/protocol.c
index 8c6470c..b688980 100644
--- a/nfq/protocol.c
+++ b/nfq/protocol.c
@@ -177,7 +177,7 @@ bool IsTLSRecordFull(const uint8_t *data, size_t len)
 }
 bool IsTLSClientHello(const uint8_t *data, size_t len, bool bPartialIsOK)
 {
-	return len >= 6 && data[0] == 0x16 && data[1] == 0x03 && data[2] >= 0x01 && data[2] <= 0x03 && data[5] == 0x01 && (bPartialIsOK || TLSRecordLen(data) <= len);
+	return len >= 6 && data[0] == 0x16 && data[1] == 0x03 && data[2] <= 0x03 && data[5] == 0x01 && (bPartialIsOK || TLSRecordLen(data) <= len);
 }
 
 size_t TLSHandshakeLen(const uint8_t *data)
diff --git a/tpws/protocol.c b/tpws/protocol.c
index 9043dc1..0787064 100644
--- a/tpws/protocol.c
+++ b/tpws/protocol.c
@@ -178,7 +178,7 @@ bool IsTLSRecordFull(const uint8_t *data, size_t len)
 }
 bool IsTLSClientHello(const uint8_t *data, size_t len, bool bPartialIsOK)
 {
-	return len >= 6 && data[0] == 0x16 && data[1] == 0x03 && data[2] >= 0x01 && data[2] <= 0x03 && data[5] == 0x01 && (bPartialIsOK || TLSRecordLen(data) <= len);
+	return len >= 6 && data[0] == 0x16 && data[1] == 0x03 && data[2] <= 0x03 && data[5] == 0x01 && (bPartialIsOK || TLSRecordLen(data) <= len);
 }
 
 // bPartialIsOK=true - accept partial packets not containing the whole TLS message