diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 54c0e319fe..f0d3cbdd92 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -3529,11 +3529,11 @@ TLS 1.3 - HRR then TLS 1.2 second ClientHello
 tls13_hrr_then_tls12_second_client_hello
 
 Baseline for: Server using sig_alg not offered by the client - RSA with SHA256
-depends_on:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SHA256_C
 send_invalid_sig_alg:MBEDTLS_SSL_SIG_RSA:MBEDTLS_SSL_HASH_SHA256:0
 
 Negative Test: Server using sig_alg not offered by the client - RSA with SHA256
-depends_on:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY:MBEDTLS_SHA256_C
+depends_on:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SHA256_C
 send_invalid_sig_alg:MBEDTLS_SSL_SIG_RSA:MBEDTLS_SSL_HASH_SHA256:MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER
 
 Baseline for: Server using sig_alg not offered by the client - ECDSA with SHA512
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 6eba9c7eed..1e65ab2dce 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -5746,6 +5746,7 @@ void send_invalid_sig_alg(int sig, int hash, int expected_ret)
     memset(&client, 0, sizeof(client));
     mbedtls_test_handshake_test_options options;
     memset(&options, 0, sizeof(options));
+    int forced_ciphersuite[2] = { 0, 0 };
 
     uint16_t target_sig_alg = ((hash << 8) | sig);
 
@@ -5760,10 +5761,13 @@ void send_invalid_sig_alg(int sig, int hash, int expected_ret)
 
     // Force a ciphersuite where target_sig_alg is relevant
     if (sig == MBEDTLS_SSL_SIG_ECDSA) {
-        options.cipher = "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256";
+        forced_ciphersuite[0] =
+            mbedtls_ssl_get_ciphersuite_id("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256");
     } else {
-        options.cipher = "TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256";
+        forced_ciphersuite[0] =
+            mbedtls_ssl_get_ciphersuite_id("TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256");
     }
+    TEST_ASSERT(forced_ciphersuite[0] != 0);
 
     // Force TLS 1.2 as this test is a non-regression test for a bug in TLS 1.2 client and TLS 1.3
     // behaviour in this regard is substantially different.
@@ -5792,6 +5796,8 @@ void send_invalid_sig_alg(int sig, int hash, int expected_ret)
                                          &options, NULL, NULL, NULL);
     TEST_EQUAL(ret, 0);
 
+    mbedtls_ssl_conf_ciphersuites(&client.conf, forced_ciphersuite);
+
     // Remove the target signature algorithm from the client's list
     size_t client_sig_algs_len = 0;
     while (client.conf.sig_algs[client_sig_algs_len++] != MBEDTLS_TLS1_3_SIG_NONE) {
@@ -5814,6 +5820,8 @@ void send_invalid_sig_alg(int sig, int hash, int expected_ret)
                                          &options, NULL, NULL, NULL);
     TEST_EQUAL(ret, 0);
 
+    mbedtls_ssl_conf_ciphersuites(&server.conf, forced_ciphersuite);
+
     ret = mbedtls_test_mock_socket_connect(&server.socket, &client.socket,
                                            BUFFSIZE);
     TEST_EQUAL(ret, 0);