diff --git a/srtcore/socketconfig.cpp b/srtcore/socketconfig.cpp
index 15c88aeb8..35ad9ef83 100644
--- a/srtcore/socketconfig.cpp
+++ b/srtcore/socketconfig.cpp
@@ -333,7 +333,17 @@ struct CSrtConfigSetter<SRTO_TSBPDMODE>
 {
     static void set(CSrtConfig& co, const void* optval, int optlen)
     {
-        co.bTSBPD = cast_optval<bool>(optval, optlen);
+        const bool val = cast_optval<bool>(optval, optlen);
+#ifdef SRT_ENABLE_ENCRYPTION
+        if (val == false && co.iCryptoMode == CSrtConfig::CIPHER_MODE_AES_GCM)
+        {
+            using namespace srt_logging;
+            LOGC(aclog.Error, log << "Can't disable TSBPD as long as AES GCM is enabled.");
+            throw CUDTException(MJ_NOTSUP, MN_INVAL, 0);
+        }
+#endif
+
+        co.bTSBPD = val;
     }
 };
 template<>
@@ -888,20 +898,30 @@ struct CSrtConfigSetter<SRTO_CRYPTOMODE>
 {
     static void set(CSrtConfig& co, const void* optval, int optlen)
     {
+        using namespace srt_logging;
         const int val = cast_optval<int>(optval, optlen);
+#ifdef SRT_ENABLE_ENCRYPTION
         if (val < CSrtConfig::CIPHER_MODE_AUTO || val > CSrtConfig::CIPHER_MODE_AES_GCM)
             throw CUDTException(MJ_NOTSUP, MN_INVAL, 0);
 
-#ifdef SRT_ENABLE_ENCRYPTION
         if (val == CSrtConfig::CIPHER_MODE_AES_GCM && !HaiCrypt_IsAESGCM_Supported())
         {
-            using namespace srt_logging;
             LOGC(aclog.Error, log << "AES GCM is not supported by the crypto provider.");
             throw CUDTException(MJ_NOTSUP, MN_INVAL, 0);
         }
-#endif
+
+        if (val == CSrtConfig::CIPHER_MODE_AES_GCM && !co.bTSBPD)
+        {
+            LOGC(aclog.Error, log << "Enable TSBPD to use AES GCM.");
+            throw CUDTException(MJ_NOTSUP, MN_INVAL, 0);
+        }
 
         co.iCryptoMode = val;
+#else
+        LOGC(aclog.Error, log << "SRT was built without crypto module.");
+        throw CUDTException(MJ_NOTSUP, MN_INVAL, 0);
+#endif
+
     }
 };