diff --git a/Userland/Libraries/LibTLS/Handshake.cpp b/Userland/Libraries/LibTLS/Handshake.cpp
index 99448fd4b3..6fefbf7e1e 100644
--- a/Userland/Libraries/LibTLS/Handshake.cpp
+++ b/Userland/Libraries/LibTLS/Handshake.cpp
@@ -67,6 +67,9 @@ ByteBuffer TLSv12::build_hello()
 if (!m_context.extensions.SNI.is_null() && m_context.options.use_sni)
 sni_length = m_context.extensions.SNI.length();
+ // signature_algorithms: 2b extension ID, 2b extension length, 2b vector length, 2xN signatures and hashes
+ extension_length += 2 + 2 + 2 + 2 * m_context.options.supported_signature_algorithms.size();
+
 if (sni_length)
 extension_length += sni_length + 9;
@@ -86,6 +89,18 @@ ByteBuffer TLSv12::build_hello()
 builder.append((const u8*)m_context.extensions.SNI.characters(), sni_length);
 }
+ // signature_algorithms extension
+ builder.append((u16)HandshakeExtension::SignatureAlgorithms);
+ // Extension length
+ builder.append((u16)(2 + 2 * m_context.options.supported_signature_algorithms.size()));
+ // Vector count
+ builder.append((u16)(m_context.options.supported_signature_algorithms.size() * 2));
+ // Entries
+ for (auto& entry : m_context.options.supported_signature_algorithms) {
+ builder.append((u8)entry.hash);
+ builder.append((u8)entry.signature);
+ }
+
 if (alpn_length) {
 // TODO
 VERIFY_NOT_REACHED();
diff --git a/Userland/Libraries/LibTLS/TLSv12.h b/Userland/Libraries/LibTLS/TLSv12.h
index a941a2e35a..b45eff3a69 100644
--- a/Userland/Libraries/LibTLS/TLSv12.h
+++ b/Userland/Libraries/LibTLS/TLSv12.h
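Review bot: In Handshake.cpp, the `extension_length +=` line added at `@@ -67` counts the signature_algorithms extension unconditionally, and the block added at `@@ -86` emits it unconditionally, so an empty `supported_signature_algorithms` option puts a zero-length vector on the wire. RFC 5246 section 7.4.1.4.1 declares that vector as `<2..2^16-2>`, so a strict peer may reject such a ClientHello as malformed. Guard both places on a non-empty list, e.g. `if (!m_context.options.supported_signature_algorithms.is_empty())`, in the same way the SNI extension is gated on `sni_length`. The body of `build_hello` starts and ends outside both hunks.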
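Review bot: In the block added at `@@ -86` of Handshake.cpp, the `(u16)` casts narrow a `size()`-based expression without any bound, so an oversized option list would wrap the two length fields while the loop still writes every entry, leaving the declared lengths and the body out of step. The same byte count is also spelled out three times across the two hunks, which makes it easy for the accounting at `@@ -67` and the emission here to drift apart. Compute it once and check it before writing, e.g. `auto algorithms_size = 2 * m_context.options.supported_signature_algorithms.size();` followed by `VERIFY(2 + algorithms_size <= 0xffff);`, and reuse `algorithms_size` in all three places.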
@@ -179,6 +179,28 @@ enum ClientVerificationStaus {
 VerificationNeeded,
 };
+enum class HashAlgorithm : u8 {
+ None = 0,
+ MD5 = 1,
+ SHA1 = 2,
+ SHA224 = 3,
+ SHA256 = 4,
+ SHA384 = 5,
+ SHA512 = 6,
+};
+
+enum class SignatureAlgorithm : u8 {
+ Anonymous = 0,
+ RSA = 1,
+ DSA = 2,
+ ECDSA = 3,
+};
+
+struct SignatureAndHashAlgorithm {
+ HashAlgorithm hash;
+ SignatureAlgorithm signature;
+};
+
 struct Options {
 #define OPTION_WITH_DEFAULTS(typ, name, ...) \
 static typ default_##name() { return typ { __VA_ARGS__ }; } \
@@ -192,6 +214,10 @@ struct Options {
 CipherSuite::RSA_WITH_AES_128_GCM_SHA256)
 OPTION_WITH_DEFAULTS(Version, version, Version::V12)
+ OPTION_WITH_DEFAULTS(Vector, supported_signature_algorithms,
+ { HashAlgorithm::SHA512, SignatureAlgorithm::RSA },
+ { HashAlgorithm::SHA256, SignatureAlgorithm::RSA },
+ { HashAlgorithm::SHA1, SignatureAlgorithm::RSA });
 OPTION_WITH_DEFAULTS(bool, use_sni, true)
 OPTION_WITH_DEFAULTS(bool, use_compression, false)
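Review bot: Nothing on the enums added at `@@ -179` of TLSv12.h says that their numeric values are the on-wire codes which `build_hello` writes with `(u8)entry.hash` and `(u8)entry.signature`, so a later reorder or insertion would silently change what the client advertises. Add a comment above `HashAlgorithm` and `SignatureAlgorithm` such as `// Values are the TLS 1.2 wire codes (RFC 5246, section 7.4.1.4.1); do not renumber.` A one-line comment on `SignatureAndHashAlgorithm` should also record that the member order, hash then signature, is the order the pair is serialized in.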
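Review bot: The default for `supported_signature_algorithms` added at `@@ -192` of TLSv12.h includes `{ HashAlgorithm::SHA1, SignatureAlgorithm::RSA }`, so every client that does not override the option tells the server that a SHA-1 signature is acceptable. SHA-1 signatures are deprecated for TLS 1.2 (RFC 9155); consider dropping that entry from the default and leaving it as an explicit opt-in for legacy peers, or add a comment recording why it is kept. Whether the client later rejects a server signature that uses an algorithm it did not advertise is not visible in this diff and is worth confirming, since advertising the list gives no protection without that check.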