diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index c5998abe6..f3e19105f 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -491,8 +491,6 @@ static const int sign_priority_secure192[] = {
 
 static const int mac_priority_normal_default[] = {
 	GNUTLS_MAC_SHA1,
-	GNUTLS_MAC_SHA256,
-	GNUTLS_MAC_SHA384,
 	GNUTLS_MAC_AEAD,
 	GNUTLS_MAC_MD5,
 	0
@@ -500,8 +498,6 @@ static const int mac_priority_normal_default[] = {
 
 static const int mac_priority_normal_fips[] = {
 	GNUTLS_MAC_SHA1,
-	GNUTLS_MAC_SHA256,
-	GNUTLS_MAC_SHA384,
 	GNUTLS_MAC_AEAD,
 	0
 };
@@ -530,15 +526,11 @@ static const int mac_priority_suiteb192[] = {
 
 static const int mac_priority_secure128[] = {
 	GNUTLS_MAC_SHA1,
-	GNUTLS_MAC_SHA256,
-	GNUTLS_MAC_SHA384,
 	GNUTLS_MAC_AEAD,
 	0
 };
 
 static const int mac_priority_secure192[] = {
-	GNUTLS_MAC_SHA256,
-	GNUTLS_MAC_SHA384,
 	GNUTLS_MAC_AEAD,
 	0
 };
diff --git a/tests/priorities.c b/tests/priorities.c
index f22b08b62..46221fcc0 100644
--- a/tests/priorities.c
+++ b/tests/priorities.c
@@ -100,18 +100,18 @@ try_prio(const char *prio, unsigned expected_cs, unsigned expected_ciphers)
 
 void doit(void)
 {
-	const int normal = 61;
-	const int null = 5;
-	const int sec128 = 56;
+	const int normal = 41;
+	const int null = 4;
+	const int sec128 = 36;
 
 	try_prio("NORMAL", normal, 9);
 	try_prio("NORMAL:-MAC-ALL:+MD5:+MAC-ALL", normal, 9);
 	try_prio("NORMAL:+CIPHER-ALL", normal, 9);	/* all (except null) */
 	try_prio("NORMAL:-CIPHER-ALL:+NULL", null, 1);	/* null */
 	try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL", normal + null, 10);	/* should be null + all */
-	try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 10, 1);	/* should be null + all */
+	try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 5, 1);
 	try_prio("PERFORMANCE", normal, 9);
-	try_prio("SECURE256", 20, 4);
+	try_prio("SECURE256", 10, 4);
 	try_prio("SECURE128", sec128, 8);
 	try_prio("SECURE128:+SECURE256", sec128, 8);	/* should be the same as SECURE128 */
 	try_prio("SECURE128:+SECURE256:+NORMAL", normal, 9);	/* should be the same as NORMAL */
-- 
2.14.3