diff --git a/ChangeLog b/ChangeLog
index 8db0215914..48529f3092 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 
+= mbed TLS x.x.x branch released xxxx-xx-xx
+
+Bugfix
+   * Fix handshake failure in NIST suite b, where the key was determined as
+     MBEDTLS_ECKEY instead of MBEDTLS_ECDSA.
+
 = mbed TLS 2.7.0 branch released 2018-02-03
 
 Security
diff --git a/library/x509_crt.c b/library/x509_crt.c
index c6209fb40d..0e28dac01c 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -133,7 +133,8 @@ const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_suiteb =
     MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
     MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ),
     /* Only ECDSA */
-    MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ),
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECDSA ) |
+    MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_ECKEY ),
 #if defined(MBEDTLS_ECP_C)
     /* Only NIST P-256 and P-384 */
     MBEDTLS_X509_ID_FLAG( MBEDTLS_ECP_DP_SECP256R1 ) |