diff --git a/common/compliance.c b/common/compliance.c
index c2daa654e..bcf621a45 100644
--- a/common/compliance.c
+++ b/common/compliance.c
@@ -193,9 +193,11 @@ gnupg_pk_is_compliant (enum gnupg_compliance_mode compliance, int algo,
 }
-/* Return true if CIPHER is compliant to the given COMPLIANCE mode. */
+/* Return true if (CIPHER, MODE) is compliant to the given COMPLIANCE mode. */
 int
-gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance, cipher_algo_t cipher)
+gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance,
+ cipher_algo_t cipher,
+ enum gcry_cipher_modes mode)
 {
 log_assert (initialized);
@@ -208,7 +210,15 @@ gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance, cipher_algo_t
 case CIPHER_ALGO_AES192:
 case CIPHER_ALGO_AES256:
 case CIPHER_ALGO_3DES:
- return 1;
+ switch (module)
+ {
+ case GNUPG_MODULE_NAME_GPG:
+ return mode == GCRY_CIPHER_MODE_CFB;
+ case GNUPG_MODULE_NAME_GPGSM:
+ return mode == GCRY_CIPHER_MODE_CBC;
+ }
+ log_assert (!"reached");
+
 default:
 return 0;
 }
diff --git a/common/compliance.h b/common/compliance.h
index 7235b007b..e57495da2 100644
--- a/common/compliance.h
+++ b/common/compliance.h
@@ -45,7 +45,8 @@ int gnupg_pk_is_compliant (enum gnupg_compliance_mode compliance, int algo,
 gcry_mpi_t key[], unsigned int keylength,
 const char *curvename);
 int gnupg_cipher_is_compliant (enum gnupg_compliance_mode compliance,
- cipher_algo_t cipher);
+ cipher_algo_t cipher,
+ enum gcry_cipher_modes mode);
 int gnupg_digest_is_compliant (enum gnupg_compliance_mode compliance,
 digest_algo_t digest);
 const char *gnupg_status_compliance_flag (enum gnupg_compliance_mode compliance);
diff --git a/g10/mainproc.c b/g10/mainproc.c
index 21ea6cafb..26cd0a9cc 100644
--- a/g10/mainproc.c
+++ b/g10/mainproc.c
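Review bot: The updated comment above gnupg_cipher_is_compliant does not say that the accepted MODE depends on which program the compliance code is running in; the second hunk of common/compliance.c selects the answer by `module` (CFB for gpg, CBC for gpgsm). A caller reading only the comment or the prototype cannot tell that the same (CIPHER, MODE) pair yields different results in different binaries. I would extend the comment to `/* Return true if (CIPHER, MODE) is compliant to the given COMPLIANCE mode. The accepted MODE depends on the calling module: CFB for gpg, CBC for gpgsm. */`. The function body continues outside this hunk.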
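Review bot: The inner `switch (module)` has no `default`, so any value other than GNUPG_MODULE_NAME_GPG or GNUPG_MODULE_NAME_GPGSM reaches `log_assert (!"reached")`, and the code after it runs textually into the outer `default:` label. If log_assert never returns, a caller from another component aborts instead of receiving a non-compliant answer; if it can return, the result depends on an implicit fallthrough that compilers may warn about. `module` is assigned outside this hunk, so which case applies cannot be confirmed from here. For a compliance predicate I would make the fail-closed result explicit, for example an inner `default: return 0;`, or at least a `/* NOTREACHED */` comment after the assert.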
@@ -607,7 +607,7 @@ proc_encrypted (CTX c, PACKET *pkt)
 /* Overriding session key voids compliance. */
 && opt.override_session_key == NULL
 /* Check symmetric cipher. */
- && gnupg_cipher_is_compliant (CO_DE_VS, c->dek->algo))
+ && gnupg_cipher_is_compliant (CO_DE_VS, c->dek->algo, GCRY_CIPHER_MODE_CFB))
 {
 struct kidlist_item *i;
 int compliant = 1;
diff --git a/sm/decrypt.c b/sm/decrypt.c
index aa621ddf3..a36f69027 100644
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@@ -359,8 +359,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, estream_t out_fp)
 }
 /* For CMS, CO_DE_VS demands CBC mode. */
- is_de_vs = (mode == GCRY_CIPHER_MODE_CBC
- && gnupg_cipher_is_compliant (CO_DE_VS, algo));
+ is_de_vs = gnupg_cipher_is_compliant (CO_DE_VS, algo, mode);
 audit_log_i (ctrl->audit, AUDIT_DATA_CIPHER_ALGO, algo);
 dfparm.algo = algo;
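Review bot: The call in proc_encrypted passes the constant `GCRY_CIPHER_MODE_CFB` rather than a mode taken from the packet being processed, so the DE-VS status rests on an assumption instead of on what was actually decrypted. That holds only while every packet type handled by this function uses CFB; the hunk does not show that, and the function starts and ends outside it. I would add a comment at the call, e.g. `/* All encrypted-data packets handled here use CFB; pass the real mode if another one is ever added. */`, so the constant is revisited when a new mode is introduced. The new line also runs past 80 columns and could be wrapped after `c->dek->algo,`.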