diff --git a/test/ssl-tests/04-client_auth.conf b/test/ssl-tests/04-client_auth.conf
index 5b725c76b17bbedecee6ee83ca858d46b4ed6106..a9170984d4f130147a9d6c0af4efa1e25ad8ed2e 100644
--- a/test/ssl-tests/04-client_auth.conf
+++ b/test/ssl-tests/04-client_auth.conf
@@ -543,6 +543,7 @@ client = 18-client-auth-TLSv1.2-require-client
 [18-client-auth-TLSv1.2-require-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
 CipherString = DEFAULT
+ClientSignatureAlgorithms = SHA256+RSA
 MaxProtocol = TLSv1.2
 MinProtocol = TLSv1.2
 PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
@@ -560,6 +561,7 @@ VerifyMode = Peer
 [test-18]
 ExpectedClientCertType = RSA
+ExpectedClientSignHash = SHA256
 ExpectedResult = Success
diff --git a/test/ssl-tests/04-client_auth.conf.in b/test/ssl-tests/04-client_auth.conf.in
index 8738f908de06788341c6a9ec8437b44fda5884f4..d45e399c3ff0ca9f6a6c394cc505f9dac9a19ec5 100644
--- a/test/ssl-tests/04-client_auth.conf.in
+++ b/test/ssl-tests/04-client_auth.conf.in
@@ -33,6 +33,13 @@ sub generate_tests() {
 } else {
 $caalert = "UnknownCA";
 }
+ my $clihash;
+ my $clisigalgs;
+ # TODO add TLSv1.3 versions
+ if ($protocol_name eq "TLSv1.2") {
+ $clihash = "SHA256";
+ $clisigalgs = "SHA256+RSA";
+ }
 # Sanity-check simple handshake.
 push @tests, {
 name => "server-auth-${protocol_name}",
@@ -87,6 +94,7 @@ sub generate_tests() {
 server => {
 "MinProtocol" => $protocol,
 "MaxProtocol" => $protocol,
+ "ClientSignatureAlgorithms" => $clisigalgs,
 "VerifyCAFile" => "\${ENV::TEST_CERTS_DIR}${dir_sep}root-cert.pem",
 "VerifyMode" => "Request",
 },
@@ -98,6 +106,7 @@ sub generate_tests() {
 },
 test => {
 "ExpectedResult" => "Success",
 "ExpectedClientCertType" => "RSA",
+ "ExpectedClientSignHash" => $clihash,
 },
 };
diff --git a/test/ssl-tests/20-cert-select.conf b/test/ssl-tests/20-cert-select.conf
index dbb339d211ef5fa4eb1058fc9f43e969d4c51eae..c663b7e959514fb249eb82f894ada75feb2f5aac 100644
--- a/test/ssl-tests/20-cert-select.conf
+++ b/test/ssl-tests/20-cert-select.conf
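Review bot: `$clihash` and `$clisigalgs` stay undefined for every protocol except TLSv1.2, and the two later hunks in 04-client_auth.conf.in (`"ClientSignatureAlgorithms" => $clisigalgs` in the server block and `"ExpectedClientSignHash" => $clihash` in the test block) put those undefined values straight into the test hash. The regenerated 04-client_auth.conf in this commit only shows changes for test-18, which suggests the generator drops undefined values, but nothing in this file says so. I would record that next to the declarations, e.g. `# Left undef for other protocols so the generator omits the key.`, and make the TODO say that the client signature hash is not yet asserted for TLSv1.3. generate_tests starts and ends outside the hunk.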
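Review bot: The added `"ExpectedClientSignHash" => $clihash` only ever expects SHA256, which may also be the hash the client would pick with no restriction at all, so this case could still pass if the server's `ClientSignatureAlgorithms` setting were ignored. A second TLSv1.2 case using a hash that is unlikely to be the default, for example `$clisigalgs = "SHA384+RSA";` with `$clihash = "SHA384";` (assuming the harness accepts that value), would make the assertion discriminating. The two `"ExpectedServerSignHash" => "SHA256"` additions in 20-cert-select.conf.in likewise expect only SHA256. The enclosing test definition starts outside the hunk.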
@@ -111,6 +111,7 @@ VerifyMode = Peer
 [test-3]
 ExpectedResult = Success
 ExpectedServerCertType = P-256
+ExpectedServerSignHash = SHA256
 # ===========================================================
@@ -163,5 +164,6 @@ VerifyMode = Peer
 [test-5]
 ExpectedResult = Success
 ExpectedServerCertType = RSA
+ExpectedServerSignHash = SHA256
diff --git a/test/ssl-tests/20-cert-select.conf.in b/test/ssl-tests/20-cert-select.conf.in
index d34849108b31d997b198f8aea52b30f7fe00cfaf..e8bac765eedf2a9eee5f60eb04a8036604d44b5c 100644
--- a/test/ssl-tests/20-cert-select.conf.in
+++ b/test/ssl-tests/20-cert-select.conf.in
@@ -59,7 +59,8 @@ our @tests = (
 "SignatureAlgorithms" => "ECDSA+SHA256",
 },
 test => {
- "ExpectedServerCertType" =>, "P-256",
+ "ExpectedServerCertType" => "P-256",
+ "ExpectedServerSignHash" => "SHA256",
 "ExpectedResult" => "Success"
 },
 },
@@ -80,7 +81,8 @@ our @tests = (
 "SignatureAlgorithms" => "RSA+SHA256",
 },
 test => {
- "ExpectedServerCertType" =>, "RSA",
+ "ExpectedServerCertType" => "RSA",
+ "ExpectedServerSignHash" => "SHA256",
 "ExpectedResult" => "Success"
 },
 }