diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h
index 928fa5850..d56067cef 100644
--- a/library/ssl_tls13_keys.h
+++ b/library/ssl_tls13_keys.h
@@ -44,6 +44,14 @@
     MBEDTLS_SSL_TLS1_3_LABEL( client_cv   , "TLS 1.3, client CertificateVerify" ) \
     MBEDTLS_SSL_TLS1_3_LABEL( server_cv   , "TLS 1.3, server CertificateVerify" )
 
+#define MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED 0
+#define MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED   1
+
+#define MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL   0
+#define MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION 1
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+
 #define MBEDTLS_SSL_TLS1_3_LABEL( name, string )       \
     const unsigned char name    [ sizeof(string) - 1 ];
 
@@ -158,10 +166,6 @@ int mbedtls_ssl_tls13_make_traffic_keys(
                      size_t key_len, size_t iv_len,
                      mbedtls_ssl_key_set *keys );
 
-
-#define MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED 0
-#define MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED   1
-
 /**
  * \brief The \c Derive-Secret function from the TLS 1.3 standard RFC 8446.
  *
@@ -455,9 +459,6 @@ int mbedtls_ssl_tls13_evolve_secret(
                    const unsigned char *input, size_t input_len,
                    unsigned char *secret_new );
 
-#define MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL   0
-#define MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION 1
-
 /**
  * \brief             Calculate a TLS 1.3 PSK binder.
  *
@@ -637,4 +638,6 @@ int mbedtls_ssl_tls13_calculate_verify_data( mbedtls_ssl_context *ssl,
                                              size_t *actual_len,
                                              int which );
 
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
 #endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */