diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 418fc130b..62f22fd93 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -940,6 +940,11 @@ static int ssl_tls13_select_sig_alg_for_certificate_verify(
             mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
                                                         *sig_alg, own_key ) )
         {
+            MBEDTLS_SSL_DEBUG_MSG(
+                    3, ( "select_sig_alg_for_certificate_verify:"
+                         "selected signature algorithm %s [%04x]",
+                         mbedtls_ssl_sig_alg_to_str( *sig_alg ),
+                         *sig_alg ) );
             *algorithm = *sig_alg;
             return( 0 );
         }
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 2e7f1d88d..b7b25576e 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -389,10 +389,20 @@ static int ssl_tls13_pick_key_cert( mbedtls_ssl_context *ssl )
                 continue;
             }
 
+            MBEDTLS_SSL_DEBUG_MSG(
+                    3, ( "ssl_tls13_pick_key_cert:"
+                         "check signature algorithm %s [%04x]",
+                         mbedtls_ssl_sig_alg_to_str( *sig_alg ),
+                         *sig_alg ) );
             if( mbedtls_ssl_tls13_check_sig_alg_cert_key_match(
                                             *sig_alg, &key_cert->cert->pk ) )
             {
                 ssl->handshake->key_cert = key_cert;
+                MBEDTLS_SSL_DEBUG_MSG(
+                    3, ( "ssl_tls13_pick_key_cert:"
+                         "selected signature algorithm %s [%04x]",
+                         mbedtls_ssl_sig_alg_to_str( *sig_alg ),
+                         *sig_alg ) );
                 MBEDTLS_SSL_DEBUG_CRT(
                         3, "selected certificate (chain)",
                         ssl->handshake->key_cert->cert );