diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 3ee4a7dbc..c2837b722 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -2272,6 +2272,15 @@ extern void uITRON4_free(void *p) ;
 #undef WOLFSSL_TLS13
 #endif
+/* For FIPSv2 make sure the ECDSA encoding allows extra bytes
+ * but make sure users consider enabling it */
+#if !defined(NO_STRICT_ECDSA_LEN) && defined(HAVE_FIPS) && \
+ defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2
+ #define NO_STRICT_ECDSA_LEN
+ #warning "ECDSA length checks off by default for CAVP testing"
+ #warning "consider enabling strict checks in production"
+#endif
+
 #ifdef __cplusplus
 } /* extern "C" */
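Review bot: A FIPS v2+ build has no way to keep strict ECDSA length checking once this block is in place: the only guard is `!defined(NO_STRICT_ECDSA_LEN)`, so the macro ends up defined in every such build, even though the second `#warning` asks users to enable strict checks in production. Accepting extra bytes in the signature encoding presumably loosens what the verifier will parse, so the relaxed default should be skippable, for example by adding an opt-in term such as `&& !defined(<STRICT_OPT_IN_MACRO>)` to the condition (placeholder name, to be chosen by the maintainers) and naming that macro in the warning text. Separately, `#warning` is not standard C before C23 and fires in every translation unit that includes settings.h, which breaks `-Werror` builds and may not compile on toolchains lacking the extension. The comment's "enabling it" is ambiguous; something like `/* FIPSv2: relax ECDSA signature length checks for CAVP vectors; production builds should re-enable strict checks */` states the intent.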