diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
index 0917bf72a..0880c405a 100644
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@@ -195,6 +195,12 @@
 #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED
 #endif
 
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
+    (defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED))
+#define MBEDTLS_SSL_TLS1_2_SOME_ECC
+#endif
+
 /* Make sure all configuration symbols are set before including check_config.h,
  * even the ones that are calculated programmatically. */
 #include "mbedtls/check_config.h"
diff --git a/library/ssl_client.c b/library/ssl_client.c
index 8ee06eba2..774605113 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -184,9 +184,8 @@ static int ssl_write_alpn_ext(mbedtls_ssl_context *ssl,
 }
 #endif /* MBEDTLS_SSL_ALPN */
 
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) || \
-    (defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(PSA_WANT_ALG_FFDH))
+#if defined(MBEDTLS_SSL_TLS1_2_SOME_ECC) || \
+    defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED)
 /*
  * Function for writing a supported groups (TLS 1.3) or supported elliptic
  * curves (TLS 1.2) extension.
@@ -258,8 +257,9 @@ static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl,
     for (; *group_list != 0; group_list++) {
         MBEDTLS_SSL_DEBUG_MSG(1, ("got supported group(%04x)", *group_list));
 
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
-        defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+#if defined(MBEDTLS_SSL_TLS1_2_SOME_ECC) || \
+        (defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
+        defined(PSA_WANT_ALG_ECDH))
         if ((mbedtls_ssl_conf_is_tls13_enabled(ssl->conf) &&
              mbedtls_ssl_tls13_named_group_is_ecdhe(*group_list)) ||
             (mbedtls_ssl_conf_is_tls12_enabled(ssl->conf) &&
@@ -275,8 +275,10 @@ static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl,
                                       mbedtls_ssl_get_curve_name_from_tls_id(*group_list),
                                       *group_list));
         }
-#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-#if defined(PSA_WANT_ALG_FFDH)
+#endif /* MBEDTLS_SSL_TLS1_2_SOME_ECC ||
+          (MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_ECDH) */
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
+        defined(PSA_WANT_ALG_FFDH)
         if ((mbedtls_ssl_conf_is_tls13_enabled(ssl->conf) &&
              mbedtls_ssl_tls13_named_group_is_dhe(*group_list))) {
 
@@ -286,7 +288,7 @@ static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl,
             MBEDTLS_PUT_UINT16_BE(*group_list, p, 0);
             p += 2;
         }
-#endif /* PSA_WANT_ALG_FFDH */
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH */
     }
 
     /* Length of named_group_list */
@@ -315,9 +317,8 @@ static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl,
 
     return 0;
 }
-#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
-          MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED ||
-          (MBEDTLS_SSL_PROTO_TLS1_3 && PSA_WANT_ALG_FFDH) */
+#endif /* MBEDTLS_SSL_TLS1_2_SOME_ECC ||
+          MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */
 
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int ssl_write_client_hello_cipher_suites(