diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index ebcc0d56bb..b03859a8d6 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -1910,8 +1910,8 @@ start_processing:
         MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
         sig_alg = MBEDTLS_GET_UINT16_BE(p, 0);
         if (mbedtls_ssl_get_pk_sigalg_and_md_alg_from_sig_alg(
-                sig_alg, &pk_alg, &md_alg) != 0 &&
-            !mbedtls_ssl_sig_alg_is_offered(ssl, sig_alg) &&
+                sig_alg, &pk_alg, &md_alg) != 0 ||
+            !mbedtls_ssl_sig_alg_is_offered(ssl, sig_alg) ||
             !mbedtls_ssl_sig_alg_is_supported(ssl, sig_alg)) {
             MBEDTLS_SSL_DEBUG_MSG(1,
                                   ("bad server key exchange message"));