diff --git a/ChangeLog b/ChangeLog
index c72ee5d45..1ec1ca81e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,10 @@
 PolarSSL ChangeLog (Sorted per branch, date)
 = 1.3 branch
+Security
+ * Lowest common hash was selected from signature_algorithms extension in
+ TLS 1.2 (found by Darren Bane) (introduced in 1.3.8).
+
 Bugfix
 * Support escaping of commas in x509_string_to_names()
 * Fix compile error in ssl_pthread_server (found by Julian Ospald).
diff --git a/library/md.c b/library/md.c
index 7f9c5dc84..5f3f32db3 100644
--- a/library/md.c
+++ b/library/md.c
@@ -53,13 +53,13 @@ static void polarssl_zeroize( void *v, size_t n ) {
 static const int supported_digests[] = {
 #if defined(POLARSSL_SHA512_C)
- POLARSSL_MD_SHA384,
 POLARSSL_MD_SHA512,
+ POLARSSL_MD_SHA384,
 #endif
 #if defined(POLARSSL_SHA256_C)
- POLARSSL_MD_SHA224,
 POLARSSL_MD_SHA256,
+ POLARSSL_MD_SHA224,
 #endif
 #if defined(POLARSSL_SHA1_C)
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 25be98826..6cce2ef9f 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -494,11 +494,16 @@ static int ssl_parse_signature_algorithms_ext( ssl_context *ssl,
 for( p = buf + 2; p < end; p += 2 )
 {
 if( *md_cur == (int) ssl_md_alg_from_hash( p[0] ) )
 {
 ssl->handshake->sig_alg = p[0];
- break;
+ goto have_sig_alg;
 }
 }
 }
+ /* Some key echanges do not need signatures at all */
+ SSL_DEBUG_MSG( 3, ( "no signature_algorithm in common" ) );
+ return( 0 );
+
+have_sig_alg:
 SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d",
 ssl->handshake->sig_alg ) );
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index d435ee6b9..b183fc14b 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
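Review bot: The fix depends on `supported_digests[]` being ordered strongest-first, but nothing at the table says so, and a later reorder or a newly added digest can silently reintroduce the weakest-hash selection this commit removes. As far as the ssl_srv.c hunk shows, the server walks a digest list via `*md_cur` and takes the first entry the client also offers, so the order of this table is security-relevant and deserves a comment above it: `/* Keep strongest first: the TLS server takes the first entry here that the client also lists in signature_algorithms. */`. The SHA-1 and weaker entries are outside the hunk and should be checked to follow the same rule.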
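Review bot: The added comment on the no-match path has a typo (`echanges`) and does not say what `ssl->handshake->sig_alg` holds when the function returns 0 without finding a common hash; the loop exits without assigning it, so a key exchange that does need a signature will later use whatever value it had before (presumably a default set elsewhere — confirm). Suggest `/* No hash in common. Not an error here: some key exchanges need no signature; sig_alg keeps its previous (default) value. */`. Since `p[0]` is taken straight from the ClientHello, a one-line comment at the loop saying that the comparison against `*md_cur` is what restricts the choice to server-supported hashes, in server-preference order, would also help the next reader. ssl_parse_signature_algorithms_ext() starts and ends outside the hunk.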
@@ -235,32 +235,33 @@ run_test() {
 fi
 # check other assertions
+ # lines beginning with == are added by valgrind, ignore them
 while [ $# -gt 0 ]
 do
 case $1 in
 "-s")
- if grep "$2" $SRV_OUT >/dev/null; then :; else
+ if grep -v '^==' $SRV_OUT | grep "$2" >/dev/null; then :; else
 fail "-s $2"
 return
 fi
 ;;
 "-c")
- if grep "$2" $CLI_OUT >/dev/null; then :; else
+ if grep -v '^==' $CLI_OUT | grep "$2" >/dev/null; then :; else
 fail "-c $2"
 return
 fi
 ;;
 "-S")
- if grep "$2" $SRV_OUT >/dev/null; then
+ if grep -v '^==' $SRV_OUT | grep "$2" >/dev/null; then
 fail "-S $2"
 return
 fi
 ;;
 "-C")
- if grep "$2" $CLI_OUT >/dev/null; then
+ if grep -v '^==' $CLI_OUT | grep "$2" >/dev/null; then
 fail "-C $2"
 return
 fi
@@ -352,12 +353,20 @@ trap cleanup INT TERM HUP
 # Basic test
+# Checks that:
+# - things work with all ciphersuites active (used with config-full in all.sh)
+# - the expected (highest security) parameters are selected
+# ("signature_algorithm ext: 6" means SHA-512 (highest common hash))
 run_test "Default" \
- "$P_SRV" \
+ "$P_SRV debug_level=3" \
 "$P_CLI" \
 0 \
- -S "Last error was" \
- -C "Last error was"
+ -s "Protocol is TLSv1.2" \
+ -s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
+ -s "client hello v3, signature_algorithm ext: 6" \
+ -s "ECDHE curve: secp521r1" \
+ -S "error" \
+ -C "error"
 # Test for SSLv2 ClientHello
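Review bot: The pipeline `grep -v '^==' $X | grep "$2" >/dev/null` is now repeated four times with only the file name varying, which is easy to let drift the next time the filter changes. Factor it into a helper next to `fail`, e.g. `out_has() { grep -v '^==' "$1" | grep "$2" >/dev/null; }`, and write each branch as `if out_has $SRV_OUT "$2"; then`. Quoting `"$1"` in the helper also removes the word splitting that the unquoted `$SRV_OUT`/`$CLI_OUT` currently allow. run_test() starts and ends outside the hunk.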
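Review bot: `-S "error"` and `-C "error"` are unanchored substring matches over the whole `debug_level=3` output, far broader than the `"Last error was"` line they replace; any benign debug line containing that substring (a function or field name, say) would make the test fail, so either keep the anchored `"Last error was"` pattern alongside the new checks or state in the new comment that the bare substring is intentional. Note also that with `^==` lines filtered out by the first hunk, a valgrind-reported problem is presumably caught elsewhere and not by these two assertions. The pinned values (`ext: 6`, `secp521r1`, the AES-256-GCM suite) depend on the build configuration, which the comment's reference to config-full already makes clear.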