diff --git a/pkg/tlsx/openssl/openssl_test.go b/pkg/tlsx/openssl/openssl_test.go
index 86ca9021..8b1bf106 100644
--- a/pkg/tlsx/openssl/openssl_test.go
+++ b/pkg/tlsx/openssl/openssl_test.go
@@ -178,22 +178,19 @@ func TestClientCertRequired(t *testing.T) {
 
 			args, err := opts.Args()
 			if err != nil {
-				t.Error(err.Error())
+				t.Fatalf("failed to build args: %s", err)
 			}
 
 			result, err := execOpenSSL(context.Background(), args)
 			if err != nil {
-				t.Skipf("openssl execution failed (environment issue): %s", err)
+				t.Fatalf("failed to execute openssl: %v", err)
 			}
 			if result == nil || result.Stderr == "" {
-				t.Skip("openssl returned no output, skipping")
+				t.Fatal("openssl returned no output")
 			}
 
 			actualResult := isClientCertRequired(result.Stderr)
 			if actualResult != tc.expectedResult {
-				if tc.expectedResult && strings.Contains(result.Stderr, "handshake failure") {
-					t.Skipf("openssl got generic handshake failure instead of specific cert alert (environment-dependent)")
-				}
 				t.Errorf("expected isClientCertRequired = %t but received %t\nstderr: %s", tc.expectedResult, actualResult, result.Stderr)
 			}
 		})
diff --git a/pkg/tlsx/tls/tls_test.go b/pkg/tlsx/tls/tls_test.go
index ab78476b..a82bc4ee 100644
--- a/pkg/tlsx/tls/tls_test.go
+++ b/pkg/tlsx/tls/tls_test.go
@@ -78,7 +78,7 @@ func TestClientCertRequired(t *testing.T) {
 
 			parsedUrl, err := url.Parse(server.URL)
 			if err != nil {
-				t.Errorf("error parsing test server url: %s", err)
+				t.Fatalf("error parsing test server url: %s", err)
 			}
 
 			connectOpts := clients.ConnectOptions{
@@ -103,9 +103,7 @@ func TestClientCertRequired(t *testing.T) {
 			host := parsedUrl.Hostname()
 			resp, err := client.ConnectWithOptions(host, host, parsedUrl.Port(), connectOpts)
 			if err != nil {
-				// We don't fail here because some pre-existing failures are expected in some environments
-				t.Logf("client ConnectWithOptions failed (pre-existing issue?): %s", err)
-				return
+				t.Fatalf("client ConnectWithOptions call failed: %s", err)
 			}
 
 			actualResult := resp.ClientCertRequired
diff --git a/pkg/tlsx/ztls/ztls_test.go b/pkg/tlsx/ztls/ztls_test.go
index b68980c1..d6867b5b 100644
--- a/pkg/tlsx/ztls/ztls_test.go
+++ b/pkg/tlsx/ztls/ztls_test.go
@@ -63,7 +63,7 @@ func TestClientCertRequired(t *testing.T) {
 
 			parsedUrl, err := url.Parse(server.URL)
 			if err != nil {
-				t.Errorf("error parsing test server url: %s", err)
+				t.Fatalf("error parsing test server url: %s", err)
 			}
 
 			connectOpts := clients.ConnectOptions{
@@ -88,9 +88,7 @@ func TestClientCertRequired(t *testing.T) {
 			host := parsedUrl.Hostname()
 			resp, err := client.ConnectWithOptions(host, host, parsedUrl.Port(), connectOpts)
 			if err != nil {
-				// We don't fail here because some pre-existing failures are expected in some environments
-				t.Logf("client ConnectWithOptions failed (pre-existing issue?): %s", err)
-				return
+				t.Fatalf("client ConnectWithOptions call failed: %s", err)
 			}
 
 			actualResult := resp.ClientCertRequired