diff --git a/src/tls.c b/src/tls.c
index 78972a1bd..1593f28d8 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -16149,7 +16149,7 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType,
                 /* RFC 8446 4.2.4 states trusted_ca_keys is not used
                    in TLS 1.3. */
                 if (IsAtLeastTLSv1_3(ssl->version)) {
-                    return EXT_NOT_ALLOWED;
+                    break;
                 }
                 else
 #endif
diff --git a/tests/test-tls13-down.conf b/tests/test-tls13-down.conf
index 90f0c4bb4..3b388a026 100644
--- a/tests/test-tls13-down.conf
+++ b/tests/test-tls13-down.conf
@@ -51,7 +51,7 @@
 -v 3
 -H exitWithRet
 
-# server TLSv1.2 
+# server TLSv1.2
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -H exitWithRet
@@ -60,7 +60,7 @@
 -v 4
 -H exitWithRet
 
-# server TLSv1.2 
+# server TLSv1.2
 -v 3
 -l ECDHE-RSA-AES256-GCM-SHA384
 -H exitWithRet
@@ -119,3 +119,10 @@
 -7 3
 -s
 -l ECDHE-PSK-AES128-GCM-SHA256
+
+# server TLSv1.3
+-v 4
+
+# client downgrade with trusted ca
+-v d
+-5