Correctly return protocol_version alert when TLS 1.2 or TLS 1.3 disabled

    • Server Security
    • Security 2025-03-17, Server Security 2025-08-01
    • 3

      When we are handshaking on ingress TLS connections, we try to determine which TLS protocol version the client is requesting and return a clear error if the user requests an unsupported protocol. However, we cannot distinguish TLS 1.2 from TLS 1.3 connections: a TLS 1.3 ClientHello carries legacy_version 0x0303 (the TLS 1.2 value) and signals TLS 1.3 only through the supported_versions extension (RFC 8446), which the current check does not consult: https://github.com/10gen/mongo/blob/bbe81edfb4d3dcfb204f33e6ab171a49b2c704ee/src/mongo/transport/asio/asio_utils.cpp#L348-L351

      This means that connections rejected because TLS 1.2 or TLS 1.3 is disabled do not receive the correct protocol_version alert; the server simply closes the connection.

      Now that we support platforms running OpenSSL 1.1.1+, which supports TLS 1.3, we should fix this logic. Supporting TLS 1.3 in Atlas clusters is tracked in CLOUDP-124859.
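      The following is an added illustration of the version check described above; it is not code from the mongo repository and does not reproduce the logic in asio_utils.cpp. It builds constructed ClientHello messages, shows that a version check reading only legacy_version reports a TLS 1.3-only client as TLS 1.2, and then decides from the supported_versions extension whether to send a protocol_version alert. The builder, the function names and the constant-zero client random are assumptions made for the example.

```python
import struct

TLS_VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
                0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
EXT_SUPPORTED_VERSIONS = 43  # RFC 8446 extension type for supported_versions

# Alert record: content type 21, record version 0x0303, length 2,
# level fatal (2), description protocol_version (70).
PROTOCOL_VERSION_ALERT = b"\x15\x03\x03\x00\x02\x02\x46"


def build_client_hello(legacy_version, supported_versions=None, record_version=0x0301):
    """Constructed ClientHello (example data only): one cipher suite, null compression,
    optional supported_versions extension, all-zero client random."""
    body = struct.pack("!H", legacy_version)
    body += b"\x00" * 32                          # client random (constructed)
    body += b"\x00"                               # empty session id
    body += struct.pack("!H", 2) + b"\x13\x01"    # TLS_AES_128_GCM_SHA256
    body += b"\x01\x00"                           # compression methods: null
    exts = b""
    if supported_versions is not None:
        vs = b"".join(struct.pack("!H", v) for v in supported_versions)
        ext_data = struct.pack("!B", len(vs)) + vs
        exts += struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(ext_data)) + ext_data
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", record_version, len(handshake)) + handshake


def parse_client_hello(data):
    """Return record_version, legacy_version and the supported_versions list (None if absent)."""
    if len(data) < 5 or data[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    record_version, rec_len = struct.unpack("!HH", data[1:5])
    hs = data[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) < hs_len or hs_len < 35:
        raise ValueError("truncated ClientHello")
    legacy_version = struct.unpack("!H", body[:2])[0]
    pos = 34                                      # skip legacy_version + 32-byte random
    pos += 1 + body[pos]                          # session id
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2 + cs_len                             # cipher suites
    pos += 1 + body[pos]                          # compression methods
    supported = None
    if pos + 2 <= len(body):                      # extensions block is optional
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        end = min(pos + ext_len, len(body))
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            edata = body[pos:pos + elen]
            pos += elen
            if etype == EXT_SUPPORTED_VERSIONS and len(edata) >= 1:
                n = edata[0]
                supported = [struct.unpack("!H", edata[1 + i:3 + i])[0]
                             for i in range(0, n, 2)]
    return {"record_version": record_version, "legacy_version": legacy_version,
            "supported_versions": supported}


def naive_version(data):
    """The flawed check: trust legacy_version alone. Reports 0x0303 for a TLS 1.3 client."""
    return parse_client_hello(data)["legacy_version"]


def offered_versions(info):
    """Versions the client is willing to negotiate. A TLS 1.3 client lists them explicitly;
    a pre-1.3 client accepts anything up to legacy_version."""
    if info["supported_versions"] is not None:
        return set(info["supported_versions"])
    return {v for v in TLS_VERSIONS if v <= info["legacy_version"]}


def check_client_version(data, enabled):
    """Return None if some offered version is enabled on the server,
    otherwise the protocol_version alert the server should send before closing."""
    if offered_versions(parse_client_hello(data)) & set(enabled):
        return None
    return PROTOCOL_VERSION_ALERT


if __name__ == "__main__":
    hello13 = build_client_hello(0x0303, [0x0304])          # TLS 1.3-only client
    print(TLS_VERSIONS[naive_version(hello13)])               # misreports as TLS 1.2
    print(sorted(TLS_VERSIONS[v] for v in offered_versions(parse_client_hello(hello13))))
    print(check_client_version(hello13, {0x0303}))            # 1.3 disabled: alert bytes
    print(check_client_version(hello13, {0x0304}))            # 1.3 enabled: None
```

      The design point is that the highest version a client offers is not derivable from the record or handshake version fields once TLS 1.3 is in play; the peek has to walk the extensions, which is what makes a correct protocol_version alert possible when one of the two versions is disabled.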

              Assignee: Chye Lin Chee
              Reporter: Erin McNulty
              Votes: 0
              Watchers: 9
