diff --git a/mysql-test/suite.pm b/mysql-test/suite.pm
index e21db289445..ea0cd8dbbe1 100644
--- a/mysql-test/suite.pm
+++ b/mysql-test/suite.pm
@@ -89,6 +89,22 @@ sub skip_combinations {
   $skip{'main/ssl_verify_ip.test'} = 'x509v3 support required'
     unless $openssl_ver ge "1.0.2";
 
+  # Newer versions of OpenSSL and GnuTLS support crypto policies, which define
+  # the policy applicable for the various cryptographic back-ends, such as SSL/TLS libraries.
+  # The tls_version tests will only work in LEGACY mode (64-bit security), in
+  # other modes (DEFAULT=80-bit security, FIPS (RHEL only), FUTURE=112-bit security)
+  # tls protocols less than TLSv1.2 are not supported.
+
+  my $openssl_policy='/etc/crypto-policies/config';
+  if ($openssl_ver and open my $f, '<', $openssl_policy) {
+    my $cnf=<$f>;
+    $cnf=~ s/\s+$//;
+    $skip{'main/tls_version.test'} = "Protocols < TLSv1.2 are disabled in crypto policy '${cnf}'"
+      if $cnf ne "LEGACY";
+    $skip{'main/tls_version1.test'} = "Protocols < TLSv1.2 are disabled in crypto policy '${cnf}'"
+      if $cnf ne "LEGACY";
+  }
+
   my $openssl_cnf='/etc/ssl/openssl.cnf';
   if ($openssl_ver and open my $f, '<', $openssl_cnf) {
     local $/;