diff --git a/src/tls.c b/src/tls.c
index f30261d19..05a83577e 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -4641,10 +4641,9 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL *ssl, byte* input,
 if (!ssl->options.downgrade)
 continue;
-#ifdef NO_OLD_TLS
- if (minor < TLSv1_2_MINOR)
+ if (minor < ssl->options.minDowngrade)
 continue;
-#endif
+
 /* Downgrade the version. */
 ssl->version.minor = minor;
 }
@@ -4695,10 +4694,9 @@ static int TLSX_SupportedVersions_Parse(WOLFSSL *ssl, byte* input,
 if (!ssl->options.downgrade)
 return VERSION_ERROR;
-#ifdef NO_OLD_TLS
- if (minor < TLSv1_2_MINOR)
+ if (minor < ssl->options.minDowngrade)
 return VERSION_ERROR;
-#endif
+
 /* Downgrade the version. */
 ssl->version.minor = minor;
 }
diff --git a/src/tls13.c b/src/tls13.c
index d21b23d70..35c3ed481 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -2643,6 +2643,11 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 return VERSION_ERROR;
 }
 #else
+ if (pv.major == ssl->version.major && pv.minor < TLSv1_2_MINOR &&
+ ssl->options.downgrade) {
+ ssl->version = pv;
+ return DoServerHello(ssl, input, inOutIdx, helloSz);
+ }
 if (pv.major != ssl->version.major || pv.minor != TLSv1_2_MINOR)
 return VERSION_ERROR;
 #endif
@@ -3626,6 +3631,9 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 "TLS v1.3");
 return VERSION_ERROR;
 }
+
+ if (pv.minor < ssl->options.minDowngrade)
+ return VERSION_ERROR;
 ssl->version.minor = pv.minor;
 }
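Review bot: The new `if (minor < ssl->options.minDowngrade)` check trades a compile-time guard for a runtime value whose initialisation is not part of this diff, so in a `NO_OLD_TLS` build the version floor now depends on `minDowngrade` being set to at least `TLSv1_2_MINOR` wherever a WOLFSSL object is created; if it is left at zero or set below the lowest compiled-in version, the following `ssl->version.minor = minor` can select a protocol version this build cannot run. I would keep the removed `#ifdef NO_OLD_TLS` guard on `TLSv1_2_MINOR` directly below the new check as a defence-in-depth backstop (or clamp `minDowngrade` where it is assigned), and add `/* Refuse to go below the configured downgrade floor. */` above the new check. The same applies to the second tls.c hunk at line 4694, where the check returns VERSION_ERROR instead of continuing. Both hunks sit inside the loop body of TLSX_SupportedVersions_Parse, whose start and end are outside the hunk.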
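Review bot: The new pre-TLS-1.2 fallback added in the `#else` branch of DoTls13ServerHello gates on `ssl->options.downgrade` alone and never consults `ssl->options.minDowngrade`, unlike the new checks in tls.c and in DoTls13ClientHello in this same commit, so a client that configured a floor of TLS 1.2 would still set `ssl->version = pv` for a TLS 1.0/1.1 ServerHello and hand it to DoServerHello. The condition should include the floor: `if (pv.major == ssl->version.major && pv.minor < TLSv1_2_MINOR && ssl->options.downgrade && pv.minor >= ssl->options.minDowngrade) {`. A comment that this early return skips the supported_versions handling further down — presumably intended, since pre-1.2 servers do not send that extension, but worth confirming — would also help the next reader. The body of DoTls13ServerHello continues on both sides of the hunk.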
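Review bot: The added `if (pv.minor < ssl->options.minDowngrade) return VERSION_ERROR;` in DoTls13ClientHello has no comment, while the equivalent checks in tls.c are accompanied by one; a line such as `/* Do not downgrade below the configured minimum version. */` above it would make the intent explicit. It would also help to state what `pv` holds at this point, since for a TLS 1.3 client the negotiated version presumably arrives in the supported_versions extension rather than in this field — confirm against the surrounding code. The `if` block that contains the check opens before the hunk begins; only its closing `}` is visible.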