diff --git a/handshake_server.go b/handshake_server.go
index 23ec558..77e56a7 100644
--- a/handshake_server.go
+++ b/handshake_server.go
@@ -60,21 +60,23 @@ FindCipherSuite:
 	for _, id := range clientHello.cipherSuites {
 		for _, supported := range config.cipherSuites() {
 			if id == supported {
-				suite = nil
+				var candidate *cipherSuite
+
 				for _, s := range cipherSuites {
 					if s.id == id {
-						suite = s
+						candidate = s
 						break
 					}
 				}
-				if suite == nil {
+				if candidate == nil {
 					continue
 				}
 				// Don't select a ciphersuite which we can't
 				// support for this client.
-				if suite.elliptic && !ellipticOk {
+				if candidate.elliptic && !ellipticOk {
 					continue
 				}
+				suite = candidate
 				break FindCipherSuite
 			}
 		}
diff --git a/key_agreement.go b/key_agreement.go
index 75f5c73..a931d8f 100644
--- a/key_agreement.go
+++ b/key_agreement.go
@@ -130,6 +130,10 @@ Curve:
 		}
 	}
 
+	if curveid == 0 {
+		return nil, errors.New("tls: no supported elliptic curves offered")
+	}
+
 	var x, y *big.Int
 	var err error
 	ka.privateKey, x, y, err = elliptic.GenerateKey(ka.curve, config.rand())