diff --git a/core/rfb.js b/core/rfb.js
index 8fd5b796..f524411b 100644
--- a/core/rfb.js
+++ b/core/rfb.js
@@ -1835,11 +1835,7 @@ export default class RFB extends EventTargetMixin {
     _negotiateAuthentication() {
         switch (this._rfbAuthScheme) {
             case 1:  // no auth
-                if (this._rfbVersion >= 3.8) {
-                    this._rfbInitState = 'SecurityResult';
-                    return true;
-                }
-                this._rfbInitState = 'ClientInitialisation';
+                this._rfbInitState = 'SecurityResult';
                 return true;
 
             case 22:  // XVP auth
@@ -1870,6 +1866,13 @@ export default class RFB extends EventTargetMixin {
     }
 
     _handleSecurityResult() {
+        // There is no security choice, and hence no security result
+        // until RFB 3.7
+        if (this._rfbVersion < 3.7) {
+            this._rfbInitState = 'ClientInitialisation';
+            return true;
+        }
+
         if (this._sock.rQwait('VNC auth response ', 4)) { return false; }
 
         const status = this._sock.rQshift32();
diff --git a/tests/test.rfb.js b/tests/test.rfb.js
index 2b9d5e7f..4f168618 100644
--- a/tests/test.rfb.js
+++ b/tests/test.rfb.js
@@ -1144,7 +1144,7 @@ describe('Remote Frame Buffer Protocol Client', function () {
                 const authSchemes = [2, 1, 3];
                 client._sock._websocket._receiveData(new Uint8Array(authSchemes));
                 expect(client._rfbAuthScheme).to.equal(1);
-                expect(client._sock).to.have.sent(new Uint8Array([1, 1]));
+                expect(client._sock).to.have.sent(new Uint8Array([1]));
             });
 
             it('should choose for the most prefered scheme possible for versions >= 3.7', function () {
@@ -1209,15 +1209,15 @@ describe('Remote Frame Buffer Protocol Client', function () {
                     'Security negotiation failed on authentication scheme (reason: Whoopsies)');
             });
 
-            it('should transition straight to SecurityResult on "no auth" (1) for versions >= 3.8', function () {
-                client._rfbVersion = 3.8;
+            it('should transition straight to SecurityResult on "no auth" (1) for versions >= 3.7', function () {
+                client._rfbVersion = 3.7;
                 sendSecurity(1, client);
                 expect(client._rfbInitState).to.equal('SecurityResult');
             });
 
-            it('should transition straight to ServerInitialisation on "no auth" for versions < 3.8', function () {
-                client._rfbVersion = 3.7;
-                sendSecurity(1, client);
+            it('should transition straight to ServerInitialisation on "no auth" for versions < 3.7', function () {
+                client._rfbVersion = 3.6;
+                client._sock._websocket._receiveData(new Uint8Array([0, 0, 0, 1]));
                 expect(client._rfbInitState).to.equal('ServerInitialisation');
             });