diff --git a/configure.ac b/configure.ac
index 96d25fccd..9f5198f25 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3919,7 +3919,7 @@ fi
 
 if test "$ENABLED_POLY1305" = "yes"
 then
-    AM_CFLAGS="$AM_CFLAGS -DHAVE_POLY1305 -DHAVE_ONE_TIME_AUTH"
+    AM_CFLAGS="$AM_CFLAGS -DHAVE_POLY1305"
 fi
 
 
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 30fd154e6..8d4ca1e71 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -2552,11 +2552,8 @@ extern void uITRON4_free(void *p) ;
     #define NO_SHA2_CRYPTO_CB
 #endif
 
-/* configure.ac forces HAVE_ONE_TIME_AUTH when --enable-poly1305. There exists
- * a scenario however where cipher suite
- * TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 is listed as available but fails
- * when set with wolfSSL_CTX_set_cipher_list for users using a user_settings.h
- * to control the build.
+/* Enable HAVE_ONE_TIME_AUTH by default for use with TLS cipher suites
+ * when poly1305 is enabled
  */
 #if defined(HAVE_POLY1305) && !defined(HAVE_ONE_TIME_AUTH)
     #define HAVE_ONE_TIME_AUTH