diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index de32c6fb8f464..ae249142ba7b9 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -553,33 +553,33 @@ static int verify_extension(SSL_CONNECTION *s, unsigned int context,
 int extension_is_relevant(SSL_CONNECTION *s, unsigned int extctx,
 unsigned int thisctx)
 {
- int is_tls13_or_dtls13;
+ int is_version13;
 
 /*
 * For HRR we haven't selected the version yet but we know it will be
 * (D)TLSv1.3
 */
 if ((thisctx & SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) != 0)
- is_tls13_or_dtls13 = 1;
+ is_version13 = 1;
 else
- is_tls13_or_dtls13 = SSL_CONNECTION_IS_TLS13(s) || SSL_CONNECTION_IS_DTLS13(s);
+ is_version13 = SSL_CONNECTION_IS_TLS13(s) || SSL_CONNECTION_IS_DTLS13(s);
 
 if ((SSL_CONNECTION_IS_DTLS(s)
 && (extctx & SSL_EXT_TLS_IMPLEMENTATION_ONLY) != 0)
 || (s->version == SSL3_VERSION
 && (extctx & SSL_EXT_SSL3_ALLOWED) == 0)
 /*
- * Note that is_tls13_or_dtls13 means "(D)TLS 1.3 has been negotiated",
+ * Note that is_version13 means "(D)TLS 1.3 has been negotiated",
 * which is never true when generating the ClientHello.
 * However, version negotiation *has* occurred by the time the
 * ClientHello extensions are being parsed.
 * Be careful to allow (D)TLS 1.3-only extensions when generating
 * the ClientHello.
 */
- || (is_tls13_or_dtls13 && (extctx & SSL_EXT_TLS1_2_AND_BELOW_ONLY) != 0)
- || (!is_tls13_or_dtls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0
+ || (is_version13 && (extctx & SSL_EXT_TLS1_2_AND_BELOW_ONLY) != 0)
+ || (!is_version13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0
 && (thisctx & SSL_EXT_CLIENT_HELLO) == 0)
- || (s->server && !is_tls13_or_dtls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0)
+ || (s->server && !is_version13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0)
 || (s->hit && (extctx & SSL_EXT_IGNORE_ON_RESUMPTION) != 0))
 return 0;
 return 1;
diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
index 792d4c3661ef1..8f26009eff5ac 100644
--- a/ssl/statem/extensions_srvr.c
+++ b/ssl/statem/extensions_srvr.c
@@ -647,7 +647,9 @@ int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt,
 }
 
 while (PACKET_remaining(&key_share_list) > 0) {
- int version;
+ const int version13 = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION
+ : TLS1_3_VERSION;
+
 if (!PACKET_get_net_2(&key_share_list, &group_id)
 || !PACKET_get_length_prefixed_2(&key_share_list, &encoded_pt)
 || PACKET_remaining(&encoded_pt) == 0) {
@@ -679,8 +681,6 @@ int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt,
 return 0;
 }
 
- version = SSL_CONNECTION_IS_DTLS(s) ? DTLS1_3_VERSION : TLS1_3_VERSION;
-
 /* Check if this share is for a group we can use */
 if (!check_in_list(s, group_id, srvrgroups, srvr_num_groups, 1)
 || !tls_group_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED)
@@ -688,7 +688,7 @@ int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt,
 * We tolerate but ignore a group id that we don't think is
 * suitable for (D)TLSv1.3
 */
- || !tls_valid_group(s, group_id, version, version,
+ || !tls_valid_group(s, group_id, version13, version13,
 0, NULL)) {
 /* Share not suitable */
 continue;
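Review bot: `version13` depends only on `s`, yet the first hunk of this file declares it inside the `while (PACKET_remaining(&key_share_list) > 0)` body, so the DTLS/TLS selection is re-evaluated for every key share entry the peer supplies. Declaring it once before the loop would make the invariance explicit and keep the per-entry path limited to parsing and group checks. A one-line comment on the declaration would also help, for example `/* Key shares only exist in (D)TLSv1.3: pin both version bounds for tls_valid_group() */`, because the last hunk passes the same value as both version arguments and the reason is not stated anywhere in the visible lines. tls_parse_ctos_key_share begins and ends outside these hunks, so whether a suitable declaration block exists above the loop cannot be confirmed from here.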