diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index 190c0f066..3f9bf87b4 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -38,8 +38,8 @@
 #include
 /*
- * If DTLS is in use, then at least one of SHA-1, SHA-256, SHA-512 is
- * available. Try SHA-256 first, 512 wastes resources
+ * If DTLS is in use, then at least one of SHA-1, SHA-256, SHA-384 is
+ * available. Try SHA-256 first, 384 wastes resources
 */
 #if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA)
 #define COOKIE_MD MBEDTLS_MD_SHA224
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index eee0dadac..4678f5386 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -604,6 +604,12 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl,
 mbedtls_sha512_update( &ssl->handshake->fin_sha384, buf, len );
 #endif
 #endif
+#if !defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
+ !defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+ (void) ssl;
+ (void) buf;
+ (void) len;
+#endif
 }
 #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
@@ -5165,6 +5171,10 @@ int mbedtls_ssl_get_handshake_transcript( mbedtls_ssl_context *ssl,
 goto exit;
 exit:
+#if !defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
+ !defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+ (void) ssl;
+#endif
 return( psa_ssl_status_to_mbedtls( status ) );
 }
 #else /* MBEDTLS_USE_PSA_CRYPTO */
@@ -5437,6 +5447,8 @@ static psa_status_t setup_psa_key_derivation( psa_key_derivation_operation_t* de
 return( PSA_SUCCESS );
 }
+#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) || \
+ defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
 MBEDTLS_CHECK_RETURN_CRITICAL
 static int tls_prf_generic( mbedtls_md_type_t md_type,
 const unsigned char *secret, size_t slen,
@@ -5511,7 +5523,7 @@ static int tls_prf_generic( mbedtls_md_type_t md_type,
 return( 0 );
 }
-
+#endif
 #else /* MBEDTLS_USE_PSA_CRYPTO */
 MBEDTLS_CHECK_RETURN_CRITICAL
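Review bot: The updated comment still says "Try SHA-256 first", but the first branch visible directly below it selects `MBEDTLS_MD_SHA224` when SHA-224 is available, so the comment does not describe the order the code actually uses. COOKIE_MD decides which hash backs the DTLS cookie, so the comment should match the selection, for example `* available. Try SHA-224/SHA-256 first, 384 wastes resources`. The rest of the `#if` chain lies outside the hunk, so the SHA-1 mention should be checked against it as well.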
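Review bot: When neither SHA-256 nor SHA-384 is available, the block added at the end of ssl_update_checksum_start only silences unused-parameter warnings, so the function becomes a silent no-op and no handshake transcript hash is updated. The Finished check depends on that transcript, so state the intent next to the casts, e.g. `/* No handshake hash in this configuration: nothing to update. */`, and confirm that such a build cannot reach a handshake at all. The same `(void) ssl;` pattern is added after `exit:` in mbedtls_ssl_get_handshake_transcript and after the switch in mbedtls_ssl_set_calc_verify_md. In the latter the visible `default:` returns -1, so the cast and the following `return( 0 );` are presumably unreachable in that configuration. All three function bodies begin outside their hunks.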
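Review bot: The added `#endif` closes an `#if` opened about seventy lines earlier (previous hunk) but carries no trailing comment, while the adjacent `#else /* MBEDTLS_USE_PSA_CRYPTO */` and the other long guards visible in this patch name their condition. Write it as `#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA || MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */` and keep the blank line that this hunk removes before `#else`. Only the PSA variant of tls_prf_generic is guarded in the visible lines; the variant after `#else` lies outside the hunk and may need the same guard to avoid an unused-function warning.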
@@ -5917,7 +5929,10 @@ int mbedtls_ssl_set_calc_verify_md( mbedtls_ssl_context *ssl, int md )
 default:
 return( -1 );
 }
-
+#if !defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \
+ !defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
+ (void) ssl;
+#endif
 return( 0 );
 }
@@ -7436,8 +7451,6 @@ exit:
 * Helper to get TLS 1.2 PRF from ciphersuite
 * (Duplicates bits of logic from ssl_set_handshake_prfs().)
 */
-#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) || \
- defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
 static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
 {
 const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
@@ -7457,10 +7470,9 @@ static tls_prf_fn ssl_tls12prf_from_cs( int ciphersuite_id )
 !defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
 (void) ciphersuite_info;
 #endif
+
 return( NULL );
 }
-#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA ||
- MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
 #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
 static mbedtls_tls_prf_types tls_prf_get_type( mbedtls_ssl_tls_prf_cb *tls_prf )
diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c
index 1aa757c37..17caab211 100644
--- a/programs/fuzz/fuzz_dtlsserver.c
+++ b/programs/fuzz/fuzz_dtlsserver.c
@@ -11,12 +11,14 @@
 #include "mbedtls/ctr_drbg.h"
 #include "mbedtls/timing.h"
 #include "mbedtls/ssl_cookie.h"
-
+#include "mbedtls/legacy_or_psa.h"
 #if defined(MBEDTLS_SSL_SRV_C) && \
 defined(MBEDTLS_ENTROPY_C) && \
 defined(MBEDTLS_CTR_DRBG_C) && \
- defined(MBEDTLS_TIMING_C)
+ defined(MBEDTLS_TIMING_C) && \
+ ( defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) || \
+ defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) )
 const char *pers = "fuzz_dtlsserver";
 const unsigned char client_ip[4] = {0x7F, 0, 0, 1};
 static int initialized = 0;
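Review bot: With the guard removed (previous hunk), ssl_tls12prf_from_cs is compiled even when no SHA-256 or SHA-384 PRF exists, and in that build it always falls through to `return( NULL );`, so every caller must treat NULL as an error before using the returned function pointer. The callers are outside this hunk; confirm that the context-deserialization path rejects the input when the result is NULL rather than storing or calling it. A comment above the return would record that contract, e.g. `/* No matching PRF in this build: the caller must reject the ciphersuite. */`.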
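Review bot: The hash-availability condition is now written out twice, here around the globals and again in the guard inside LLVMFuzzerTestOneInput (next hunk), and the two copies have to stay identical or the globals and the function body end up compiled under different conditions. Define the whole condition once as a local macro right after the includes and test that macro in both places. When the condition is false the target presumably compiles to an empty stub (the `#else` branch is outside the hunk), so the fuzzer would run without exercising any DTLS code; a comment at the guard saying so would keep that from going unnoticed.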
@@ -32,7 +34,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 defined(MBEDTLS_SSL_SRV_C) && \
 defined(MBEDTLS_ENTROPY_C) && \
 defined(MBEDTLS_CTR_DRBG_C) && \
- defined(MBEDTLS_TIMING_C)
+ defined(MBEDTLS_TIMING_C) && \
+ ( defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) || \
+ defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) )
 int ret;
 size_t len;
 mbedtls_ssl_context ssl;
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index 2d7750f77..409d14413 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -243,6 +243,7 @@ REVERSE_DEPENDENCIES = {
 EXCLUSIVE_GROUPS = {
 'MBEDTLS_SHA224_C': ['MBEDTLS_SHA256_C'],
 'MBEDTLS_SHA384_C': ['MBEDTLS_SHA512_C'],
+ 'MBEDTLS_SHA512_C': ['!MBEDTLS_SSL_COOKIE_C'],
 'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['!MBEDTLS_ECDSA_C',
 '!MBEDTLS_ECDSA_DETERMINISTIC',
 '!MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED',
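Review bot: The new `'MBEDTLS_SHA512_C': ['!MBEDTLS_SSL_COOKIE_C']` entry carries no comment explaining why the SHA-512-only configuration has to drop the DTLS cookie module, and the reason is not evident from the two names. Presumably it follows from the ssl_cookie.c change in this same patch, whose comment no longer lists SHA-512 among the hashes COOKIE_MD can use. If that is the reason, add a line above the entry such as `# ssl_cookie.c cannot use SHA-512 for COOKIE_MD, so the SHA-512-only build has no cookie hash`. The dict continues past the end of the hunk.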