diff --git a/certs/taoCert.txt b/certs/taoCert.txt
index 15a12c059..798660767 100644
--- a/certs/taoCert.txt
+++ b/certs/taoCert.txt
@@ -1,11 +1,11 @@
 
 ***** Create a self signed cert ************
 
-1) openssl genrsa 512 > client-key.pem
+1) openssl genrsa 1024 > client-key.pem
 
-2) openssl req -new -x509 -nodes -md5 -days 1000 -key client-key.pem > client-cert.pem
+2) openssl req -new -x509 -nodes -sha1 -days 1000 -key client-key.pem > client-cert.pem
 
-3) note sha1 would be -sha1
+3) note md5 would be -md5
 
 -- adding metadata to beginning
 
@@ -21,13 +21,13 @@ same as self signed, use ca prefix instead of client
 
 ***** Create a cert signed by CA **************
 
-1) openssl req -newkey rsa:512 -md5 -days 1000 -nodes -keyout server-key.pem > server-req.pem
+1) openssl req -newkey rsa:1024 -sha1 -days 1000 -nodes -keyout server-key.pem > server-req.pem
 
 * note if using exisitng key do: -new -key keyName
 
 2) copy ca-key.pem ca-cert.srl   (why ????)
 
-3) openssl x509 -req -in server-req.pem -days 1000 -md5 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
+3) openssl x509 -req -in server-req.pem -days 1000 -sha1 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
 
 
 ***** Adding Subject Key ID and Authentication Key ID extensions to a cert *****
diff --git a/cyassl/internal.h b/cyassl/internal.h
index c1f2f8928..345478aa7 100644
--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@@ -1439,7 +1439,10 @@ enum ClientCertificateType {
     dss_fixed_dh        = 4,
     rsa_ephemeral_dh    = 5,
     dss_ephemeral_dh    = 6,
-    fortezza_kea_cert   = 20
+    fortezza_kea_cert   = 20,
+    ecdsa_sign          = 64,
+    rsa_fixed_ecdh      = 65,
+    ecdsa_fixed_ecdh    = 66
 };
 
 
diff --git a/src/internal.c b/src/internal.c
index 07a7896ea..a4421ffca 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -6015,7 +6015,7 @@ int SendCertificateRequest(CYASSL* ssl)
     int    sendSz;
     word32 i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
     
-    int  typeTotal = 1;  /* only rsa for now */
+    int  typeTotal = 1;  /* only 1 for now */
     int  reqSz = ENUM_LEN + typeTotal + REQ_HEADER_SZ;  /* add auth later */
 
     if (IsAtLeastTLSv1_2(ssl))
@@ -6043,7 +6043,15 @@ int SendCertificateRequest(CYASSL* ssl)
 
     /* write to output */
     output[i++] = (byte)typeTotal;  /* # of types */
-    output[i++] = rsa_sign;
+#ifdef HAVE_ECC
+    if (ssl->options.cipherSuite0 == ECC_BYTE &&
+                     ssl->specs.sig_algo == ecc_dsa_sa_algo) {
+        output[i++] = ecdsa_sign;
+    } else
+#endif /* HAVE_ECC */
+    {
+        output[i++] = rsa_sign;
+    }
 
     /* supported hash/sig */
     if (IsAtLeastTLSv1_2(ssl)) {