diff --git a/handler/src/main/java/io/netty/handler/ssl/AbstractSniHandler.java b/handler/src/main/java/io/netty/handler/ssl/AbstractSniHandler.java
index 9e22252c1e..e9325144a6 100644
--- a/handler/src/main/java/io/netty/handler/ssl/AbstractSniHandler.java
+++ b/handler/src/main/java/io/netty/handler/ssl/AbstractSniHandler.java
@@ -151,8 +151,9 @@ public abstract class AbstractSniHandler<T> extends ByteToMessageDecoder {
                                     select(ctx, extractSniHostname(handshakeBuffer, 0, handshakeLength));
                                     return;
                                 }
+                                break;
                             }
-                            break;
+                            // fall-through
                         default:
                             // not tls, ssl or application data, do not try sni
                             select(ctx, null);
diff --git a/handler/src/test/java/io/netty/handler/ssl/SniHandlerTest.java b/handler/src/test/java/io/netty/handler/ssl/SniHandlerTest.java
index 0a752e45d0..6b4b83d10f 100644
--- a/handler/src/test/java/io/netty/handler/ssl/SniHandlerTest.java
+++ b/handler/src/test/java/io/netty/handler/ssl/SniHandlerTest.java
@@ -322,7 +322,7 @@ public class SniHandlerTest {
                 ch.writeInbound(Unpooled.wrappedBuffer(message));
                 // TODO(scott): This should fail because the engine should reject zero length records during handshake.
                 // See https://github.com/netty/netty/issues/6348.
-                // fail();
+                fail();
             } catch (Exception e) {
                 // expected
             }
@@ -346,6 +346,43 @@ public class SniHandlerTest {
         }
     }
 
+    @Test(timeout = 10000)
+    public void testMajorVersionNot3() throws Exception {
+        SslContext nettyContext = makeSslContext(provider, false);
+
+        try {
+            DomainNameMapping<SslContext> mapping = new DomainNameMappingBuilder<SslContext>(nettyContext).build();
+
+            SniHandler handler = new SniHandler(mapping);
+            EmbeddedChannel ch = new EmbeddedChannel(handler);
+
+            // invalid
+            byte[] message = {22, 2, 0, 0, 0};
+            try {
+                // Push the handshake message.
+                ch.writeInbound(Unpooled.wrappedBuffer(message));
+                fail();
+            } catch (Exception e) {
+                // expected
+            }
+
+            ch.close();
+
+            // When the channel is closed the SslHandler will write an empty buffer to the channel.
+            ByteBuf buf = ch.readOutbound();
+            if (buf != null) {
+                assertFalse(buf.isReadable());
+                buf.release();
+            }
+
+            assertThat(ch.finish(), is(false));
+            assertThat(handler.hostname(), nullValue());
+            assertThat(handler.sslContext(), is(nettyContext));
+        } finally {
+            releaseAll(nettyContext);
+        }
+    }
+
     @Test
     public void testSniWithApnHandler() throws Exception {
         SslContext nettyContext = makeSslContext(provider, true);