diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c
index f6fbf43dfd3..ccdb5d1dfa1 100644
--- a/lib/libssl/ssl_tlsext.c
+++ b/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.160 2026/05/09 11:45:50 tb Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.161 2026/06/06 08:45:41 tb Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing
 * Copyright (c) 2017 Doug Hogan
@@ -193,6 +193,10 @@ tlsext_alpn_client_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
 static int
 tlsext_supportedgroups_client_needs(SSL *s, uint16_t msg_type)
 {
+ /*
+ * XXX - Don't send an empty named_group_list. For TLSv1.3 we error
+ * earlier; for TLSv1.2 ensure we don't send the extension.
+ */
 return ssl_has_ecc_ciphers(s) ||
 (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
 }
@@ -215,7 +219,7 @@ tlsext_supportedgroups_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
 return 0;
 for (i = 0; i < groups_len; i++) {
- if (!ssl_security_supported_group(s, groups[i]))
+ if (!tls1_check_group(s, groups[i]))
 continue;
 if (!CBB_add_u16(&grouplist, groups[i]))
 return 0;
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index 9947dcba1dd..9dfcc0c0f37 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.208 2026/06/04 18:02:52 tb Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.209 2026/06/06 08:45:41 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -154,6 +154,7 @@ struct supported_group {
 uint16_t group_id;
 int nid;
 int bits;
+ uint16_t min_version;
 };
 /*
@@ -310,6 +311,7 @@ static const struct supported_group nid_list[] = {
 .group_id = 4588,
 .nid = NID_X25519MLKEM768,
 .bits = 128,
+ .min_version = TLS1_3_VERSION,
 },
 };
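Review bot: In tlsext_supportedgroups_client_build (ssl_tlsext.c, third hunk) the loop can now skip every configured group, and nothing visible in the hunk stops an empty named_group_list from being serialised; the XXX comment added to tlsext_supportedgroups_client_needs in the hunk before it records the problem without closing it. RFC 8446 declares the field as `named_group_list<2..2^16-1>`, so a zero-length list is malformed and a strict peer should reject the ClientHello. Until the needs function handles the TLSv1.2 case, a backstop in the build function would fail locally instead: count the entries written with `added++` after `CBB_add_u16` and add `if (added == 0) return 0;` after the loop. The function body starts and ends outside the hunk, so an existing check there cannot be ruled out.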
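Review bot: The new `min_version` member of struct supported_group (t1_lib.c, second hunk) carries no comment saying what an unset value means. Only the X25519MLKEM768 entry sets it in this commit, so the other nid_list entries presumably rely on zero-initialisation to mean "usable with any version"; they are not visible here. Stating the convention at the field keeps a later entry from being restricted or unrestricted by accident, e.g. `uint16_t min_version; /* lowest TLS version allowed to use this group; 0 = no minimum */`.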
@@ -512,6 +514,17 @@ tls1_group_id_present(uint16_t group_id, const uint16_t *list, size_t list_len)
 return 0;
 }
+static int
+tls1_group_id_allowed(const SSL *ssl, uint16_t group_id)
+{
+ const struct supported_group *sg;
+
+ if ((sg = tls1_supported_group_by_id(group_id)) == NULL)
+ return 0;
+
+ return ssl_effective_tls_version(ssl) >= sg->min_version;
+}
+
 int
 tls1_count_shared_groups(const SSL *ssl, size_t *out_count)
 {
@@ -529,6 +542,9 @@ tls1_count_shared_groups(const SSL *ssl, size_t *out_count)
 if (!ssl_security_shared_group(ssl, pref[i]))
 continue;
+ if (!tls1_group_id_allowed(ssl, pref[i]))
+ continue;
+
 count++;
 }
@@ -555,6 +571,9 @@ tls1_group_by_index(const SSL *ssl, size_t n, int *out_nid,
 if (!ssl_security_fn(ssl, pref[i]))
 continue;
+ if (!tls1_group_id_allowed(ssl, pref[i]))
+ continue;
+
 if (count++ == n)
 return tls1_ec_group_id2nid(pref[i], out_nid);
 }
@@ -659,6 +678,10 @@ tls1_check_group(SSL *s, uint16_t group_id)
 for (i = 0; i < groupslen; i++) {
 if (!ssl_security_supported_group(s, groups[i]))
 continue;
+
+ if (!tls1_group_id_allowed(s, groups[i]))
+ continue;
+
 if (groups[i] == group_id)
 return 1;
 }
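Review bot: tls1_group_id_allowed has no header comment, and its result depends on the point in the handshake at which it is called, because it compares `sg->min_version` with whatever ssl_effective_tls_version() returns at that moment. That function is not shown; if it falls back to the configured maximum before a version has been negotiated, a client offering both TLSv1.2 and TLSv1.3 will still advertise a TLSv1.3-only group and depend on the later tls1_check_group() call to refuse it once TLSv1.2 is selected. A short comment stating this, and that a group_id missing from nid_list is refused on purpose (the `return 0` after the lookup), would document the fail-closed behaviour. A regression test covering a TLSv1.2 handshake with the restricted group configured would pin it.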
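Review bot: The version filter is pasted as the same `if (!tls1_group_id_allowed(...)) continue;` pair into three loops: here in tls1_count_shared_groups, and in tls1_group_by_index and tls1_check_group in the next two hunks. tls1_count_shared_groups and tls1_group_by_index in particular appear to need identical skipping, judging by the `count++ == n` test, so that an index stays within the reported count; editing only one loop later would break that silently. A comment at each site such as `/* Must skip the same groups as tls1_group_by_index(). */`, or a single static predicate that both loops call, would make the coupling explicit. Both function bodies extend beyond their hunks.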
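Review bot: In tls1_check_group both filters run for every list entry before the `groups[i] == group_id` comparison, so the security check and the nid_list lookup are evaluated for groups that cannot match. Since tlsext_supportedgroups_client_build now calls this function once per configured group, that work is repeated quadratically while the ClientHello is built. Testing `if (groups[i] != group_id) continue;` first and applying the two checks only to the match gives the same result, provided the list holds no duplicate ids and the security check has no side effects that callers rely on; neither is visible here. The function starts above the hunk.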