diff --git a/src/tls.c b/src/tls.c
index e5c451469..f041d16a9 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -11165,6 +11165,8 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType,
                 ret = KS_PARSE(ssl, input + offset, size, msgType);
                 break;
 #endif
+            default:
+                WOLFSSL_MSG("Unknown TLS extension type");
         }
 
         /* offset should be updated here! */
diff --git a/src/tls13.c b/src/tls13.c
index e5fd49d8b..639cc9ef5 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -3379,6 +3379,9 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input,
     WOLFSSL_START(WC_FUNC_CERTIFICATE_REQUEST_DO);
     WOLFSSL_ENTER("DoTls13CertificateRequest");
 
+#ifndef WOLFSSL_TLS13_DRAFT_18
+    XMEMSET(&peerSuites, 0, sizeof(Suites));
+#endif
 #ifdef WOLFSSL_CALLBACKS
     if (ssl->hsInfoOn) AddPacketName(ssl, "CertificateRequest");
     if (ssl->toInfoOn) AddLateName("CertificateRequest", &ssl->timeoutInfo);