diff --git a/auth.go b/auth.go
index 42775e3..7c5675c 100644
--- a/auth.go
+++ b/auth.go
@@ -242,9 +242,9 @@ func selectSignatureScheme(vers uint16, c *Certificate, peerAlgs []SignatureSche
 // Pick signature scheme in the peer's preference order, as our
 // preference order is not configurable.
 for _, preferredAlg := range peerAlgs {
- // if needFIPS() && !isSupportedSignatureAlgorithm(preferredAlg, fipsSupportedSignatureAlgorithms) {
- // continue
- // }
+ if needFIPS() && !isSupportedSignatureAlgorithm(preferredAlg, fipsSupportedSignatureAlgorithms) {
+ continue
+ }
 if isSupportedSignatureAlgorithm(preferredAlg, supportedAlgs) {
 return preferredAlg, nil
 }
diff --git a/ticket.go b/ticket.go
index ba34a51..9ce1454 100644
--- a/ticket.go
+++ b/ticket.go
@@ -144,7 +144,7 @@ func (c *Conn) encryptTicket(state []byte) ([]byte, error) {
 return encrypted, nil
 }
 
-// [uTLS] changed to use exported DecryptTicketWith func below
+// [uTLS] added exported DecryptTicketWith func below
 func (c *Conn) decryptTicket(encrypted []byte) (plaintext []byte, usedOldKey bool) {
 if len(encrypted) < ticketKeyNameLen+aes.BlockSize+sha256.Size {
 return nil, false
@@ -191,7 +191,7 @@ func (c *Conn) decryptTicket(encrypted []byte) (plaintext []byte, usedOldKey boo
 // usedOldKey will be true if the key used for decryption is
 // not the first in the []TicketKey slice
 //
-// [uTLS] changed to be made public and take a TicketKeys instead of use a Conn receiver
+// [uTLS] changed to be made public and take a TicketKeys and use a fake conn receiver
 func DecryptTicketWith(encrypted []byte, tks TicketKeys) (plaintext []byte, usedOldKey bool) {
 // create fake conn
 c := &Conn{
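Review bot: In auth.go, the re-enabled FIPS filter inside the `for _, preferredAlg := range peerAlgs` loop of selectSignatureScheme carries no comment and no test in this commit, and because the check was previously commented out, nothing on the page shows that the FIPS-mode path is exercised. A one-line comment such as `// In FIPS mode, skip schemes outside fipsSupportedSignatureAlgorithms even if the certificate supports them.` would record the intent. A test that turns FIPS mode on and offers only a non-approved scheme would pin that the function reaches its error return instead of selecting that scheme. The error return sits after the loop, outside this hunk, so it cannot be checked here whether its message distinguishes "filtered by FIPS policy" from "peer and certificate share no scheme"; that is worth confirming, since the two cases need different operator action. selectSignatureScheme starts and ends outside the hunk.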