diff --git a/res/res_srtp.c b/res/res_srtp.c
index 3519def7ed267a073536e1ae00a6e98e1fdbaf8e..cdd95af3a3f3445539c160bffed76d8ed7702bb9 100644
--- a/res/res_srtp.c
+++ b/res/res_srtp.c
@@ -275,7 +275,7 @@ static int policy_set_suite(crypto_policy_t *p, enum ast_srtp_suite suite)
 		crypto_policy_set_aes_cm_128_hmac_sha1_32(p);
 		return 0;
 
-#ifdef HAVE_SRTP_192
+#if defined(HAVE_SRTP_192) && defined(ENABLE_SRTP_AES_192)
 	case AST_AES_CM_192_HMAC_SHA1_80:
 		crypto_policy_set_aes_cm_192_hmac_sha1_80(p);
 		return 0;
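Review bot: The added `defined(ENABLE_SRTP_AES_192)` term on the `AST_AES_CM_192_HMAC_SHA1_80` guard makes the suite a build-time opt-in, and nothing in this diff shows where that macro is set, so a build that never defines it drops AES-192 even when libsrtp provides it (`HAVE_SRTP_192`). The same applies to the `ENABLE_SRTP_AES_256` and `ENABLE_SRTP_AES_GCM` guards in the later hunks of policy_set_suite and in res_sdp_crypto_parse_offer; with all three unset, presumably only the AES-128 counter-mode suites remain negotiable. I would add a comment above the guard such as `/* ENABLE_SRTP_AES_192 is a build-time opt-in; when unset, AES-192 suites are refused even if libsrtp supports them */` and confirm that the build defines these switches by default wherever the stronger suites are meant to stay available. The switch begins and ends outside the hunk, so what an unmatched suite returns is not visible here.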
@@ -284,7 +284,7 @@ static int policy_set_suite(crypto_policy_t *p, enum ast_srtp_suite suite)
 		crypto_policy_set_aes_cm_192_hmac_sha1_32(p);
 		return 0;
 #endif
-#ifdef HAVE_SRTP_256
+#if defined(HAVE_SRTP_256) && defined(ENABLE_SRTP_AES_256)
 	case AST_AES_CM_256_HMAC_SHA1_80:
 		crypto_policy_set_aes_cm_256_hmac_sha1_80(p);
 		return 0;
@@ -293,18 +293,19 @@ static int policy_set_suite(crypto_policy_t *p, enum ast_srtp_suite suite)
 		crypto_policy_set_aes_cm_256_hmac_sha1_32(p);
 		return 0;
 #endif
-#ifdef HAVE_SRTP_GCM
+#if defined(HAVE_SRTP_GCM) && defined(ENABLE_SRTP_AES_GCM)
 	case AST_AES_GCM_128:
 		crypto_policy_set_aes_gcm_128_16_auth(p);
 		return 0;
 
-	case AST_AES_GCM_256:
-		crypto_policy_set_aes_gcm_256_16_auth(p);
-		return 0;
-
 	case AST_AES_GCM_128_8:
 		crypto_policy_set_aes_gcm_128_8_auth(p);
 		return 0;
+#endif
+#if defined(HAVE_SRTP_GCM) && defined(ENABLE_SRTP_AES_GCM) && defined(ENABLE_SRTP_AES_256)
+	case AST_AES_GCM_256:
+		crypto_policy_set_aes_gcm_256_16_auth(p);
+		return 0;
 
 	case AST_AES_GCM_256_8:
 		crypto_policy_set_aes_gcm_256_8_auth(p);
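Review bot: The three-macro condition guarding `AST_AES_GCM_256` and `AST_AES_GCM_256_8` is spelled out here and again in res_sdp_crypto_parse_offer, and the two copies have to stay identical or the parser can accept a suite for which this switch has no case. Deriving the condition once near the top of the file would remove that risk, e.g. `#if defined(HAVE_SRTP_GCM) && defined(ENABLE_SRTP_AES_GCM) && defined(ENABLE_SRTP_AES_256)` / `#define SRTP_AES_GCM_256_ENABLED 1` / `#endif` (the macro name is only a suggestion), with both sites testing that single macro. A one-line comment should also say whether it is deliberate that this guard does not require `HAVE_SRTP_256`, unlike the counter-mode 256 guard above. The closing `#endif` of this block lies outside the hunk.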
@@ -880,7 +881,7 @@ static int res_sdp_crypto_parse_offer(struct ast_rtp_instance *rtp, struct ast_s
 		suite_val = AST_AES_CM_128_HMAC_SHA1_32;
 		ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_32);
 		key_len_expected = 30;
-#ifdef HAVE_SRTP_192
+#if defined(HAVE_SRTP_192) && defined(ENABLE_SRTP_AES_192)
 	} else if (!strcmp(suite, "AES_192_CM_HMAC_SHA1_80")) {
 		suite_val = AST_AES_CM_192_HMAC_SHA1_80;
 		ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_80);
@@ -905,7 +906,7 @@ static int res_sdp_crypto_parse_offer(struct ast_rtp_instance *rtp, struct ast_s
 		ast_set_flag(srtp, AST_SRTP_CRYPTO_OLD_NAME);
 		key_len_expected = 38;
 #endif
-#ifdef HAVE_SRTP_256
+#if defined(HAVE_SRTP_256) && defined(ENABLE_SRTP_AES_256)
 	} else if (!strcmp(suite, "AES_256_CM_HMAC_SHA1_80")) {
 		suite_val = AST_AES_CM_256_HMAC_SHA1_80;
 		ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_80);
@@ -930,21 +931,24 @@ static int res_sdp_crypto_parse_offer(struct ast_rtp_instance *rtp, struct ast_s
 		ast_set_flag(srtp, AST_SRTP_CRYPTO_OLD_NAME);
 		key_len_expected = 46;
 #endif
-#ifdef HAVE_SRTP_GCM
+#if defined(HAVE_SRTP_GCM) && defined(ENABLE_SRTP_AES_GCM)
 	} else if (!strcmp(suite, "AEAD_AES_128_GCM")) {
 		suite_val = AST_AES_GCM_128;
 		ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_16);
 		key_len_expected = AES_128_GCM_KEYSIZE_WSALT;
+	/* RFC contained a (too) short auth tag for RTP media, some still use that */
+	} else if (!strcmp(suite, "AEAD_AES_128_GCM_8")) {
+		suite_val = AST_AES_GCM_128_8;
+		ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_8);
+		key_len_expected = AES_128_GCM_KEYSIZE_WSALT;
+#endif
+#if defined(HAVE_SRTP_GCM) && defined(ENABLE_SRTP_AES_GCM) && defined(ENABLE_SRTP_AES_256)
 	} else if (!strcmp(suite, "AEAD_AES_256_GCM")) {
 		suite_val = AST_AES_GCM_256;
 		ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_16);
 		ast_set_flag(srtp, AST_SRTP_CRYPTO_AES_256);
 		key_len_expected = AES_256_GCM_KEYSIZE_WSALT;
 	/* RFC contained a (too) short auth tag for RTP media, some still use that */
-	} else if (!strcmp(suite, "AEAD_AES_128_GCM_8")) {
-		suite_val = AST_AES_GCM_128_8;
-		ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_8);
-		key_len_expected = AES_128_GCM_KEYSIZE_WSALT;
 	} else if (!strcmp(suite, "AEAD_AES_256_GCM_8")) {
 		suite_val = AST_AES_GCM_256_8;
 		ast_set_flag(srtp, AST_SRTP_CRYPTO_TAG_8);
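Review bot: The 8-byte-tag branches `AEAD_AES_128_GCM_8` and `AEAD_AES_256_GCM_8` stay behind the same switches as the 16-byte-tag suites, so a build that enables GCM cannot exclude the variants that the comment here itself calls "(too) short". The matching `AST_AES_GCM_128_8` and `AST_AES_GCM_256_8` cases in policy_set_suite have the same coupling. Since this commit already introduces per-suite build switches, consider giving the `_8` branches their own opt-in, e.g. wrapping each in `#if defined(<SHORT_TAG_SWITCH>)` (placeholder name). Otherwise extend the comment to state that they are kept on purpose for interoperability, e.g. `/* 8-byte tag kept for interop only; weaker integrity than the 16-byte form */`. The if/else chain starts and ends outside the hunk.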