Transport Layer Security (TLS) protocol is often vulnerable to version downgrade attacks, where a man-in-the-middle attacker interferes with the handshake protocol and leads the communicating parties to fall back from a higher version of TLS to lower ones, which are typically provided for backward compatibility. In order to thwart the downgrade attack, several defense mechanisms are adopted in most of the recent TLS versions. However, there have not been many studies on analyzing what conditions are needed to guarantee the theoretical security, and understanding how they are implemented in practice in the era of TLS 1.3. To understand the current deployment of downgrade protection mechanisms and their security in the real world, in this paper, we investigated ten major web browsers in five operating systems with diverse implementation conditions of TLS clients and servers. As a result, we identified that two network stacks of Microsoft and Apple are vulnerable to downgrade attacks. We then demonstrate TLS sessions can be downgraded from TLS 1.3 to 1.0 by exploiting the vulnerability. Drawing on our experiment, we analyze the root cause for the vulnerability, and present several mitigation strategies.