diff --git a/.evergreen/config.yml b/.evergreen/config.yml
index 32f96e9501..8aa647666a 100644
--- a/.evergreen/config.yml
+++ b/.evergreen/config.yml
@@ -206,7 +206,7 @@ functions:
         script: |
           KRB5_KEYTAB='${gssapi_auth_keytab_base64}' KRB5_PRINCIPAL='${gssapi_auth_principal}' \
           MONGODB_URI='${gssapi_auth_mongodb_uri}' UNIFIED=${UNIFIED} \
-          NODE_LTS_NAME='${NODE_LTS_NAME}' bash ${PROJECT_DIRECTORY}/.evergreen/run-kerberos-tests.sh
+          NODE_LTS_NAME='${NODE_LTS_NAME}' NODE_VERSION=${NODE_VERSION} bash ${PROJECT_DIRECTORY}/.evergreen/run-kerberos-tests.sh
   run ldap tests:
     - command: shell.exec
       type: test
diff --git a/.evergreen/run-kerberos-tests.sh b/.evergreen/run-kerberos-tests.sh
index 665d520efc..747421eae0 100644
--- a/.evergreen/run-kerberos-tests.sh
+++ b/.evergreen/run-kerberos-tests.sh
@@ -22,7 +22,16 @@ fi
 echo "Running kinit"
 kinit -k -t "$(pwd)/.evergreen/drivers.keytab" -p ${KRB5_PRINCIPAL}
 
-npm install kerberos
+set -o xtrace
+if [ -z ${NODE_VERSION+omitted} ]; then echo "NODE_VERSION is unset" && exit 1; fi
+NODE_MAJOR_VERSION=$(echo "$NODE_VERSION" |  cut -d. -f1)
+if [[ $NODE_MAJOR_VERSION -ge 12 ]]; then
+  npm install kerberos@">=2.0.0-beta.0"
+else
+  npm install kerberos@"^1.1.7"
+fi
+set +o xtrace
+
 npm run check:kerberos
 
 # destroy ticket
diff --git a/.evergreen/run-tests.sh b/.evergreen/run-tests.sh
index 60649bc1c1..61ccc6ea81 100755
--- a/.evergreen/run-tests.sh
+++ b/.evergreen/run-tests.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # set -o xtrace   # Write all commands first to stderr
 set -o errexit  # Exit the script with error if any of the commands fail
 
@@ -52,8 +52,12 @@ if [[ -z "${CLIENT_ENCRYPTION}" ]]; then
   unset AWS_ACCESS_KEY_ID;
   unset AWS_SECRET_ACCESS_KEY;
 else
-  npm install mongodb-client-encryption@latest
-
+  NODE_MAJOR_VERSION=$(echo $NODE_VERSION |  cut -d. -f1)
+  if [[ $NODE_MAJOR_VERSION -ge 12 ]]; then
+    npm install mongodb-client-encryption@">=2.0.0-beta.0"
+  else
+    npm install mongodb-client-encryption@"^1.2.7"
+  fi
   # Get access to the AWS temporary credentials:
   echo "adding temporary AWS credentials to environment"
   # CSFLE_AWS_TEMP_ACCESS_KEY_ID, CSFLE_AWS_TEMP_SECRET_ACCESS_KEY, CSFLE_AWS_TEMP_SESSION_TOKEN