diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 9ad04181a..e67c20b41 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -161,6 +161,13 @@
 #define MBEDTLS_SSL_SOME_SUITES_USE_CBC
 #endif
 
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
+    ( defined(MBEDTLS_SSL_PROTO_TLS1) ||        \
+      defined(MBEDTLS_SSL_PROTO_TLS1_1) ||      \
+      defined(MBEDTLS_SSL_PROTO_TLS1_2) )
+#define MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC
+#endif
+
 /*
  * Allow extra bytes for record, authentication and encryption overhead:
  * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256)
@@ -852,10 +859,7 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
 #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
           MBEDTLS_SSL_PROTO_TLS1_2 */
 
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
-    ( defined(MBEDTLS_SSL_PROTO_TLS1) ||        \
-      defined(MBEDTLS_SSL_PROTO_TLS1_1) |       \
-      defined(MBEDTLS_SSL_PROTO_TLS1_2) )
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
 /** \brief Compute the HMAC of variable-length data with constant flow.
  *
  * This function computes the HMAC of the concatenation of \p add_data and \p
@@ -894,7 +898,7 @@ int mbedtls_ssl_cf_hmac(
         const unsigned char *data, size_t data_len_secret,
         size_t min_data_len, size_t max_data_len,
         unsigned char *output );
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC && TLS 1.0-1.2 */
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
 
 #ifdef __cplusplus
 }
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index b2d129454..a0b586a49 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1805,10 +1805,7 @@ static int ssl_encrypt_buf( mbedtls_ssl_context *ssl )
     return( 0 );
 }
 
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
-    ( defined(MBEDTLS_SSL_PROTO_TLS1) ||        \
-      defined(MBEDTLS_SSL_PROTO_TLS1_1) ||      \
-      defined(MBEDTLS_SSL_PROTO_TLS1_2) )
+#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
 /*
  * Constant-flow conditional memcpy:
  *  - if c1 == c2, equivalent to memcpy(dst, src, len),
@@ -1918,7 +1915,7 @@ int mbedtls_ssl_cf_hmac(
     mbedtls_md_free( &aux );
     return( 0 );
 }
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_CBC && TLS 1.0-1.2 */
+#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
 
 static int ssl_decrypt_buf( mbedtls_ssl_context *ssl )
 {
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 989d89520..360be203f 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -53,7 +53,7 @@ void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2 */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
 void ssl_cf_hmac( int hash )
 {
     /*