diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index b3977a9a..658e0993 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1871,6 +1871,12 @@ int ssl3_get_key_exchange(SSL *s)
 pkey =
 X509_get_pubkey(s->session->
 sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
+# endif
+# ifndef NO_GMSSL
+ else if (alg_a & SSL_aSM2)
+ pkey =
+ X509_get_pubkey(s->session->
+ sess_cert->peer_pkeys[SSL_PKEY_ECC].x509);
 # endif
 /* else anonymous ECDH, so no certificate or pkey. */
 EC_KEY_set_public_key(ecdh, srvr_ecpoint);
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index ae2d9cb3..4aaccbf1 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -163,7 +163,40 @@ const char ssl3_version_str[] = "SSLv3" OPENSSL_VERSION_PTEXT;
 /* list of available SSLv3 ciphers (sorted by id) */
 OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
+# ifndef NO_GMSSL
+ /* (GmSSL specific) */
+ {
+ 1,
+ GM1_TXT_ECDHE_SM2_SM4_SM3,
+ GM1_CK_ECDHE_SM2_SM4_SM3,
+ SSL_kEECDH,
+ SSL_aSM2,
+ SSL_SM4,
+ SSL_SM3,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ 128,
+ 128,
+ },
+ /* (GmSSL Specific) */
+ {
+ 1,
+ GM1_TXT_SM2_SM4_SM3,
+ GM1_CK_SM2_SM4_SM3,
+ SSL_kSM2,
+ SSL_aSM2,
+ SSL_SM4,
+ SSL_SM3,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ 128,
+ 128,
+ }
+# endif
+#if 0
 /* The RSA ciphers */
 /* Cipher 01 */
 {
@@ -2890,42 +2923,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
 256,
 256},
 #endif
-
-#ifndef NO_GMSSL
- /* (GmSSL specific) */
- {
- 1,
- GM1_TXT_ECDHE_SM2_SM4_SM3,
- GM1_CK_ECDHE_SM2_SM4_SM3,
- SSL_kEECDH,
- SSL_aSM2,
- SSL_SM4,
- SSL_SM3,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
- },
-
- /* (GmSSL Specific) */
- {
- 1,
- GM1_TXT_SM2_SM4_SM3,
- GM1_CK_SM2_SM4_SM3,
- SSL_kSM2,
- SSL_aSM2,
- SSL_SM4,
- SSL_SM3,
- SSL_TLSV1_2,
- SSL_NOT_EXP|SSL_HIGH,
- SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
- 128,
- 128,
- }
-
 #endif
-
 /* end of list */
 };
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 6194a226..e18f6b22 100644
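Review bot: In ssl/s3_clnt.c the new `SSL_aSM2` branch takes the server key from the generic `peer_pkeys[SSL_PKEY_ECC]` slot, exactly as the ECDSA branch above it does, and nothing visible in the hunk confirms that the certificate's key is an SM2 key rather than some other EC key. The ssl_cipher_get_cert_index hunk in ssl/ssl_ciph.c makes the same mapping on the certificate-selection side by returning `SSL_PKEY_ECC` for `SSL_aSM2`. If no later check ties the key's curve to the negotiated suite, an EC certificate on a different curve would be accepted for an SM2 suite and the ServerKeyExchange signature verified under whatever the key type implies. I would either add a curve check before `pkey` is used or document where it happens, e.g. `/* SM2 keys share the SSL_PKEY_ECC slot; curve is validated in <function placeholder> */`. The body of ssl3_get_key_exchange starts and ends outside the hunk, so the verification path is not visible here.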
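Review bot: The bare `#if 0` added after the GmSSL entries in ssl/s3_lib.c compiles out every standard suite in `ssl3_ciphers[]`, with no comment or build option saying that a GmSSL-only table is intended. Two side effects follow from the visible lines: when `NO_GMSSL` is defined the initializer is now empty, which is not valid C before C23, and the last GmSSL entry has no trailing comma, so re-enabling the disabled block later will not compile. The table's own header comment says it is sorted by id, so if lookups rely on that order the two GmSSL entries must themselves be in ascending id order; the `GM1_CK_*` values are not shown in this diff. I would replace `#if 0` with a named, documented build option and add `/* standard suites compiled out: only the GmSSL suites above are offered */` above it.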
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -2128,7 +2128,12 @@ int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
 * chosen.
 */
 return SSL_PKEY_ECC;
- } else if (alg_a & SSL_aECDSA)
+ }
+# ifndef NO_GMSSL
+ else if (alg_a & SSL_aSM2)
+ return SSL_PKEY_ECC;
+# endif
+ else if (alg_a & SSL_aECDSA)
 return SSL_PKEY_ECC;
 else if (alg_k & SSL_kDHr)
 return SSL_PKEY_DH_RSA;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index da05eb0d..dd74a02d 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2413,6 +2413,12 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 mask_a |= SSL_aECDSA;
 emask_a |= SSL_aECDSA;
 }
+# endif
+# ifndef NO_GMSSL
+ mask_a |= SSL_aSM2;
+ emask_a |= SSL_aSM2;
+ mask_k |= SSL_kSM2;
+ emask_k |= SSL_kSM2;
 # endif
 }
 #endif
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 03543c68..3c075879 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1026,6 +1026,10 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
 tlsext_sigalg_ecdsa(md)
 static unsigned char tls12_sigalgs[] = {
+# ifndef NO_GMSSL
+ TLSEXT_hash_sm3,
+ TLSEXT_signature_sm2sign,
+# endif
 # ifndef OPENSSL_NO_SHA512
 tlsext_sigalg(TLSEXT_hash_sha512)
 tlsext_sigalg(TLSEXT_hash_sha384)
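Review bot: In ssl_set_cert_masks (ssl/ssl_lib.c) the four SM2 mask assignments carry no condition of their own, whereas the ECDSA assignments just above them sit inside a braced condition that closes right before the added lines. As written, `SSL_aSM2` and `SSL_kSM2` are marked usable whenever this point is reached, with no test that the loaded certificate holds an SM2 key or permits the key-exchange use that `SSL_kSM2` implies. Unless that is enforced elsewhere, a server could select an SM2 suite it cannot complete correctly with its configured certificate. I would gate the assignments on a certificate check analogous to the ECDSA one, or at minimum add `/* TODO: restrict to certificates with an SM2 key and suitable key usage */`. The enclosing block opens outside the hunk, so the condition actually in force here is an inference.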
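Review bot: The SM3/SM2 pair is inserted at the head of `tls12_sigalgs[]` in ssl/t1_lib.c, ahead of the SHA-512 entries, and is written as two raw bytes rather than through the `tlsext_sigalg*` macros the other entries use. If the order of this array expresses preference, the default signature-algorithm list offered to every peer now leads with SM3/SM2, including peers that do not recognise these code points. The entries are also only usable if the hash and signature lookup code recognises `TLSEXT_hash_sm3` and `TLSEXT_signature_sm2sign`, and no such change appears in this diff. I would add `/* SM3 + SM2 pair (hash id, signature id); placed first deliberately */` above the two bytes and confirm the lookup tables were extended. The array continues past the end of the hunk.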