diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 6ddacba4f8..22562a5ae8 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -336,27 +336,6 @@ static int ssl_tls13_check_ephemeral_key_exchange( mbedtls_ssl_context *ssl )
 }
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-/*
- * Return 0 if the given key uses one of the acceptable curves, -1 otherwise
- */
-static int ssl_tls13_check_key_sigs( mbedtls_pk_context *pk,
-                                     uint16_t *sig_alg )
-{
-    mbedtls_pk_type_t pk_type;
-    mbedtls_md_type_t md_alg;
-
-    while( *sig_alg != MBEDTLS_TLS1_3_SIG_NONE )
-    {
-        mbedtls_ssl_tls13_get_pk_type_and_md_alg_from_sig_alg(
-                    *sig_alg, &pk_type, &md_alg );
-        if( pk_type == mbedtls_pk_get_type(pk) )
-            return( 0 );
-        sig_alg++;
-    }
-
-    return( -1 );
-}
-
 /*
  * Try picking a certificate for this ciphersuite,
  * return 0 on success and -1 on failure.
@@ -394,14 +373,6 @@ static int ssl_tls13_pick_cert( mbedtls_ssl_context *ssl )
             continue;
         }
 
-        if( ssl_tls13_check_key_sigs( &cur->cert->pk,
-                                      ssl->handshake->received_sig_algs ) != 0 )
-        {
-            MBEDTLS_SSL_DEBUG_MSG(
-                        3, ( "certificate key mismatch: received_sig_algs" ) );
-            continue;
-        }
-
         break;
     }
 
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index c451708ca9..7124c8f3ec 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -5363,7 +5363,6 @@ run_test    "Certificate hash: client TLS 1.2 -> SHA-2" \
 # tests for SNI
 
 requires_config_disabled MBEDTLS_X509_REMOVE_INFO
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 run_test    "SNI: no SNI callback" \
             "$P_SRV debug_level=3 \
              crt_file=data_files/server5.crt key_file=data_files/server5.key" \