diff --git a/bogo/config.json.in b/bogo/config.json.in
index 40eb7707..e8f22ba7 100644
--- a/bogo/config.json.in
+++ b/bogo/config.json.in
@@ -61,6 +61,8 @@
 "*-ECDSA_SHA1-*": "no ecdsa-sha1",
 "*-Sign-RSA_PKCS1_SHA1-*": "no sha1",
 "*-VerifyDefault-RSA_PKCS1_SHA1-*": "no sha1",
+ "VerifyPreferences-NoCommonAlgorithms": "we validate but don't actually implement -verify-prefs",
+ "VerifyPreferences-Enforced": "",
 "*_P224_*": "no p224",
 "*-P-224-*": "",
 #ifdef RING
@@ -186,12 +188,9 @@
 "ALPNClient-EmptyProtocolName-TLS-TLS13": ":PEER_MISBEHAVIOUR:",
 "ALPNServer-EmptyProtocolName-TLS-TLS12": ":PEER_MISBEHAVIOUR:",
 "ALPNServer-EmptyProtocolName-TLS-TLS13": ":PEER_MISBEHAVIOUR:",
- "Verify-ServerAuth-SignatureType": ":PEER_MISBEHAVIOUR:",
 "Verify-ClientAuth-SignatureType": ":BAD_SIGNATURE:",
 "Verify-ServerAuth-SignatureType-TLS13": ":BAD_SIGNATURE:",
 "Verify-ClientAuth-SignatureType-TLS13": ":BAD_SIGNATURE:",
- "ClientAuth-Enforced": ":PEER_MISBEHAVIOUR:",
- "ServerAuth-Enforced": ":PEER_MISBEHAVIOUR:",
 "UnofferedExtension-Client": ":PEER_MISBEHAVIOUR:",
 "UnknownExtension-Client": ":PEER_MISBEHAVIOUR:",
 "KeyUpdate-InvalidRequestMode": ":BAD_HANDSHAKE_MSG:",
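Review bot: Disabling `VerifyPreferences-Enforced` in the first hunk (-61,6 +61,8) removes the only BoGo check visible here that a peer signature outside the configured verify preferences is rejected, and the entry carries an empty reason string. The neighbouring `"*-P-224-*": ""` entry suggests an empty string inherits the reason above it, but that link is lost as soon as entries are reordered. Repeating the reason keeps the skip self-explanatory: `"VerifyPreferences-Enforced": "we validate but don't actually implement -verify-prefs",`. The matching `-verify-prefs` arm added in `bogo_shim_impl.rs` is where the preference would have to be applied before these two tests can be re-enabled.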
@@ -226,14 +225,6 @@
 "NoSupportedVersions": ":INCOMPATIBLE:",
 "Client-VerifyDefault-RSA_PKCS1_SHA1-TLS12": ":PEER_ALERT_INTERNAL_ERROR:",
 "Server-VerifyDefault-RSA_PKCS1_SHA1-TLS12": ":HANDSHAKE_FAILURE:",
- "Client-VerifyDefault-RSA_PKCS1_SHA1-TLS13": ":PEER_MISBEHAVIOUR:",
- "Server-VerifyDefault-RSA_PKCS1_SHA1-TLS13": ":PEER_MISBEHAVIOUR:",
- "Client-VerifyDefault-RSA_PKCS1_SHA256-TLS13": ":PEER_MISBEHAVIOUR:",
- "Server-VerifyDefault-RSA_PKCS1_SHA256-TLS13": ":PEER_MISBEHAVIOUR:",
- "Client-VerifyDefault-RSA_PKCS1_SHA384-TLS13": ":PEER_MISBEHAVIOUR:",
- "Server-VerifyDefault-RSA_PKCS1_SHA384-TLS13": ":PEER_MISBEHAVIOUR:",
- "Client-VerifyDefault-RSA_PKCS1_SHA512-TLS13": ":PEER_MISBEHAVIOUR:",
- "Server-VerifyDefault-RSA_PKCS1_SHA512-TLS13": ":PEER_MISBEHAVIOUR:",
 "ClientAuth-InvalidSignature-RSA-PKCS1-SHA1-TLS12": ":PEER_MISBEHAVIOUR:",
 "ServerAuth-InvalidSignature-RSA-PKCS1-SHA1-TLS12": ":PEER_MISBEHAVIOUR:",
 "Server-Sign-RSA_PKCS1_SHA256-TLS13": ":INCOMPATIBLE:",
@@ -252,8 +243,6 @@
 "ClientAuth-NoFallback-ECDSA": ":BAD_HANDSHAKE_MSG:",
 "ClientAuth-NoFallback-TLS13": ":BAD_HANDSHAKE_MSG:",
 "ServerAuth-NoFallback-TLS13": ":INCOMPATIBLE:",
- "ClientAuth-Enforced-TLS13": ":PEER_MISBEHAVIOUR:",
- "ServerAuth-Enforced-TLS13": ":PEER_MISBEHAVIOUR:",
 "SecondClientHelloWrongCurve-TLS13": ":PEER_MISBEHAVIOUR:",
 "SecondClientHelloMissingKeyShare-TLS13": ":INCOMPATIBLE:",
 "Resume-Server-BinderWrongLength-SecondBinder": ":PEER_MISBEHAVIOUR:",
@@ -347,9 +336,9 @@
 "SendExtensionOnClientCertificate-TLS13": ":PEER_MISBEHAVIOUR:",
 "SendBogusAlertType": ":BAD_ALERT:",
 "TLS13-HRR-InvalidCompressionMethod": ":BAD_HANDSHAKE_MSG:",
- "CertificateCipherMismatch-RSA": ":PEER_MISBEHAVIOUR:",
- "CertificateCipherMismatch-ECDSA": ":PEER_MISBEHAVIOUR:",
- "CertificateCipherMismatch-Ed25519": ":PEER_MISBEHAVIOUR:",
+ "CertificateCipherMismatch-RSA": ":WRONG_SIGNATURE_TYPE:",
+ "CertificateCipherMismatch-ECDSA": ":WRONG_SIGNATURE_TYPE:",
+ "CertificateCipherMismatch-Ed25519": ":WRONG_SIGNATURE_TYPE:",
 "ServerCipherFilter-RSA": ":INCOMPATIBLE:",
 "ServerCipherFilter-ECDSA": ":INCOMPATIBLE:",
 "ServerCipherFilter-Ed25519": ":INCOMPATIBLE:",
diff --git a/rustls/examples/internal/bogo_shim_impl.rs b/rustls/examples/internal/bogo_shim_impl.rs
index 26a6181e..d56ddecf 100644
--- a/rustls/examples/internal/bogo_shim_impl.rs
+++ b/rustls/examples/internal/bogo_shim_impl.rs
@@ -760,6 +760,10 @@ fn handle_err(err: Error) -> ! {
 Error::PeerMisbehaved(PeerMisbehaved::TooMuchEarlyDataReceived) => {
 quit(":TOO_MUCH_READ_EARLY_DATA:")
 }
+ Error::PeerMisbehaved(PeerMisbehaved::SignedHandshakeWithUnadvertisedSigScheme)
+ | Error::PeerMisbehaved(PeerMisbehaved::SignedKxWithWrongAlgorithm) => {
+ quit(":WRONG_SIGNATURE_TYPE:")
+ }
 Error::PeerMisbehaved(_) => quit(":PEER_MISBEHAVIOUR:"),
 Error::NoCertificatesPresented => quit(":NO_CERTS:"),
 Error::AlertReceived(AlertDescription::UnexpectedMessage) => quit(":BAD_ALERT:"),
@@ -1091,6 +1095,9 @@ pub fn main() {
 }
 }
 }
+ "-verify-prefs" => {
+ lookup_scheme(args.remove(0).parse::().unwrap());
+ }
 "-max-cert-list" |
 "-expect-curve-id" |
 "-expect-resume-curve-id" |
@@ -1314,7 +1321,6 @@ pub fn main() {
 "-handshake-twice" |
 "-on-resume-verify-fail" |
 "-reverify-on-resume" |
- "-verify-prefs" |
 "-no-op-extra-handshake" |
 "-expect-peer-cert-file" |
 "-no-rsa-pss-rsae-certs" |
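Review bot: The new `:WRONG_SIGNATURE_TYPE:` arm in `handle_err` only takes effect because it sits above the catch-all `Error::PeerMisbehaved(_)`, and nothing in the hunk says so. A one-line comment would protect that ordering, for example `// must precede the PeerMisbehaved(_) catch-all: BoGo expects a distinct code for signature-scheme violations`. As a style point, the two alternatives can be folded into one nested or-pattern, `Error::PeerMisbehaved(PeerMisbehaved::SignedHandshakeWithUnadvertisedSigScheme | PeerMisbehaved::SignedKxWithWrongAlgorithm) => quit(":WRONG_SIGNATURE_TYPE:"),`, provided the crate's minimum Rust version accepts nested or-patterns. The `match` begins and ends outside the hunk.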
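Review bot: The `-verify-prefs` arm in `main` (hunk -1091,6 +1095,9) discards the result of `lookup_scheme(...)`, so the flag is accepted without narrowing which signature schemes the shim's verifier will accept. That is presumably intended, given the `VerifyPreferences-*` skips in `bogo/config.json.in`, but the call reads like a forgotten assignment. A comment such as `// validation only: the scheme is not applied to the verifier, so VerifyPreferences-* stays disabled` would make the limitation explicit at the point where it would have to be fixed. The bare `.unwrap()` could become `.expect("-verify-prefs takes a numeric signature scheme id")`, so that a malformed runner argument fails with a readable message. The surrounding argument loop lies outside the hunk.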