diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index 9b980234a0..62988f259f 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -1972,7 +1972,6 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphers
 {
     switch( info->key_exchange )
     {
-        case MBEDTLS_KEY_EXCHANGE_RSA:
         case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
             return( MBEDTLS_PK_RSA );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index aa4aa0855b..0abf2b99cb 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7713,13 +7713,10 @@ unsigned int mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg(
                     continue;
 
                 if( sig_alg_received == MBEDTLS_SSL_SIG_RSA &&
-                    ! ( mbedtls_pk_can_do_ext( ssl->handshake->key_cert->key,
-                                               PSA_ALG_RSA_PKCS1V15_CRYPT,
-                                               PSA_KEY_USAGE_DECRYPT ) ||
-                        mbedtls_pk_can_do_ext( ssl->handshake->key_cert->key,
-                                               PSA_ALG_RSA_PKCS1V15_SIGN(
-                                                                psa_hash_alg ),
-                                               PSA_KEY_USAGE_SIGN_HASH ) ) )
+                    ! mbedtls_pk_can_do_ext( ssl->handshake->key_cert->key,
+                                             PSA_ALG_RSA_PKCS1V15_SIGN(
+                                                            psa_hash_alg ),
+                                             PSA_KEY_USAGE_SIGN_HASH ) )
                     continue;
             }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */