diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index a78254cd1..2c8aa37a3 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -209,7 +209,7 @@ static int ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
 {
     unsigned char *p = buf;
     size_t sig_alg_len = 0;
-    const int *md;
+    const int *md = mbedtls_ssl_conf_get_sig_algs( ssl->conf );
 
 #if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C)
     unsigned char *sig_alg_list = buf + 6;
@@ -223,10 +223,10 @@ static int ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
     MBEDTLS_SSL_DEBUG_MSG( 3,
         ( "client hello, adding signature_algorithms extension" ) );
 
-    if( ssl->conf->sig_hashes == NULL )
+    if( md == NULL )
         return( MBEDTLS_ERR_SSL_BAD_CONFIG );
 
-    for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
+    for( ; *md != MBEDTLS_MD_NONE; md++ )
     {
 #if defined(MBEDTLS_ECDSA_C)
         sig_alg_len += 2;
@@ -253,7 +253,8 @@ static int ssl_write_sig_alg_ext( mbedtls_ssl_context *ssl, unsigned char *buf,
      */
     sig_alg_len = 0;
 
-    for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
+    for( md = mbedtls_ssl_conf_get_sig_algs( ssl->conf );
+         *md != MBEDTLS_MD_NONE; md++ )
     {
 #if defined(MBEDTLS_ECDSA_C)
         sig_alg_list[sig_alg_len++] = mbedtls_ssl_hash_from_md_alg( *md );
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index a137e439c..9eaeab407 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2798,7 +2798,8 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
         /*
          * Supported signature algorithms
          */
-        for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ )
+        for( cur = mbedtls_ssl_conf_get_sig_algs( ssl->conf );
+             *cur != MBEDTLS_MD_NONE; cur++ )
         {
             unsigned char hash = mbedtls_ssl_hash_from_md_alg( *cur );
 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 40d21b5f8..d6b3baa43 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6858,12 +6858,12 @@ int mbedtls_ssl_check_curve( const mbedtls_ssl_context *ssl, mbedtls_ecp_group_i
 int mbedtls_ssl_check_sig_hash( const mbedtls_ssl_context *ssl,
                                 mbedtls_md_type_t md )
 {
-    const int *cur;
+    const int *cur = mbedtls_ssl_conf_get_sig_algs( ssl->conf );
 
-    if( ssl->conf->sig_hashes == NULL )
+    if( cur == NULL )
         return( -1 );
 
-    for( cur = ssl->conf->sig_hashes; *cur != MBEDTLS_MD_NONE; cur++ )
+    for( ; *cur != MBEDTLS_MD_NONE; cur++ )
         if( *cur == (int) md )
             return( 0 );