diff --git a/index.html b/index.html
index 3eca673..1352fe5 100644
--- a/index.html
+++ b/index.html
@@ -300,8 +300,8 @@ <h2 class="results-text">Results</h2>
   } else if (status == STATUS_NA) {
     desc = exp.Result;
     row.className = "status-na";
-  } else if (exp.Expected) {
-    desc = "Matches expected: " + exp.Expected;
+  } else if (exp.IsMitm) {
+    desc = "Communication succeeded, but interference by a MITM was detected";
     row.className = "status-ok";
   } else {
     desc = "";
diff --git a/main.go b/main.go
index 1b0364f..ec0fa0d 100644
--- a/main.go
+++ b/main.go
@@ -30,6 +30,7 @@ type Experiment struct {
 	Version uint16
 	Result  string
 	Failed  bool
+	IsMitm  bool
 }
 
 type keyLogPrinter struct {
@@ -126,6 +127,15 @@ func runTests(testId string, specs []SubtestSpec, verbose bool) {
 				exp.Result = response
 				exp.Failed = false
 			}
+			// if a version is negotiated, but does not match the
+			// expected version, it is likely being intercepted.
+			if result.ActualTLSVersion != 0 {
+				maxTLSVersion := spec.MaxTLSVersion
+				if maxTLSVersion == tls.VersionTLS13 {
+					maxTLSVersion = tls.VersionTLS13Draft22
+				}
+				exp.IsMitm = maxTLSVersion != result.ActualTLSVersion
+			}
 			// display in UI
 			updateExperiment(i, exp)
 		}()