diff --git a/tests/include.am b/tests/include.am
index c4b6b7af4..b4a0aef15 100644
--- a/tests/include.am
+++ b/tests/include.am
@@ -30,6 +30,7 @@ EXTRA_DIST += tests/unit.h \
               tests/test-psk-no-id.conf \
               tests/test-psk-no-id-sha2.conf \
               tests/test-dtls.conf \
+              tests/test-dtls-downgrade.conf \
               tests/test-dtls-fails.conf \
               tests/test-dtls-fails-cipher.conf \
               tests/test-dtls-group.conf \
diff --git a/tests/suites.c b/tests/suites.c
index 5f1a1fb62..b7f2c18a2 100644
--- a/tests/suites.c
+++ b/tests/suites.c
@@ -1023,6 +1023,17 @@ int SuiteTest(int argc, char** argv)
         goto exit;
     }
 #endif
+
+    /* Add dtls downgrade test */
+    XSTRLCPY(argv0[1], "tests/test-dtls-downgrade.conf", sizeof(argv0[1]));
+    printf("starting dtls downgrade tests\n");
+    test_harness(&args);
+    if (args.return_code != 0) {
+        printf("error from script %d\n", args.return_code);
+        args.return_code = EXIT_FAILURE;
+        goto exit;
+    }
+
 #ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES
     /* add dtls extra suites */
     XSTRLCPY(argv0[1], "tests/test-dtls-sha2.conf", sizeof(argv0[1]));
diff --git a/tests/test-dtls-downgrade.conf b/tests/test-dtls-downgrade.conf
new file mode 100644
index 000000000..067ff47a6
--- /dev/null
+++ b/tests/test-dtls-downgrade.conf
@@ -0,0 +1,21 @@
+# server DTLS multiversion allow downgrading
+-vd
+-7 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# client DTLSv1.0
+-v 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# server DTLSv1.0
+-v 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# client DTLS multiversion allow downgrading
+-vd
+-7 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
diff --git a/tests/test-dtls13-downgrade.conf b/tests/test-dtls13-downgrade.conf
index 4bde3259f..bda26666c 100644
--- a/tests/test-dtls13-downgrade.conf
+++ b/tests/test-dtls13-downgrade.conf
@@ -1,11 +1,43 @@
-# server DTLSv1.3 allow downgrading
+# server DTLS multiversion allow downgrade
 -vd
 -7 2
 -u
--l TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
 
-# client TLSv1.2 group message
+# client DTLSv1.2
 -v 3
 -u
--l TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
--f
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# server DTLS multiversion allow downgrade
+-vd
+-7 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# client DTLSv1.0
+-v 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# server DTLSv1.0
+-v 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# client DTLS multiversion, allow downgrade
+-vd
+-7 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# server DTLSv1.2
+-v 3
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+
+# client DTLS multiversion, allow downgrade
+-vd
+-7 2
+-u
+-l TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA