diff --git a/test/ssl-tests/28-seclevel.cnf b/test/ssl-tests/28-seclevel.cnf
index 99fa8109c3..d75a7b1ef9 100644
--- a/test/ssl-tests/28-seclevel.cnf
+++ b/test/ssl-tests/28-seclevel.cnf
@@ -43,10 +43,12 @@ client = 1-SECLEVEL 4 with ED448 key-client
 [1-SECLEVEL 4 with ED448 key-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
 CipherString = DEFAULT:@SECLEVEL=4
+Groups = ?X448:?secp521r1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
 
 [1-SECLEVEL 4 with ED448 key-client]
 CipherString = DEFAULT:@SECLEVEL=4
+Groups = ?X448:?secp521r1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
 VerifyMode = Peer
 
@@ -66,10 +68,12 @@ client = 2-SECLEVEL 5 server with ED448 key-client
 [2-SECLEVEL 5 server with ED448 key-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
 CipherString = DEFAULT:@SECLEVEL=5
+Groups = ?X448:?secp521r1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
 
 [2-SECLEVEL 5 server with ED448 key-client]
 CipherString = DEFAULT:@SECLEVEL=4
+Groups = ?X448:?secp521r1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
 VerifyMode = Peer
 
@@ -89,10 +93,12 @@ client = 3-SECLEVEL 5 client with ED448 key-client
 [3-SECLEVEL 5 client with ED448 key-server]
 Certificate = ${ENV::TEST_CERTS_DIR}/server-ed448-cert.pem
 CipherString = DEFAULT:@SECLEVEL=4
+Groups = ?X448:?secp521r1
 PrivateKey = ${ENV::TEST_CERTS_DIR}/server-ed448-key.pem
 
 [3-SECLEVEL 5 client with ED448 key-client]
 CipherString = DEFAULT:@SECLEVEL=5
+Groups = ?X448:?secp521r1
 VerifyCAFile = ${ENV::TEST_CERTS_DIR}/root-ed448-cert.pem
 VerifyMode = Peer
 
diff --git a/test/ssl-tests/28-seclevel.cnf.in b/test/ssl-tests/28-seclevel.cnf.in
index f227deadcd..b9d0fe87e3 100644
--- a/test/ssl-tests/28-seclevel.cnf.in
+++ b/test/ssl-tests/28-seclevel.cnf.in
@@ -27,9 +27,11 @@ our @tests_ec = (
     {
         name => "SECLEVEL 4 with ED448 key",
         server => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
+                    "Groups" => "?X448:?secp521r1",
                     "Certificate" => test_pem("server-ed448-cert.pem"),
                     "PrivateKey" => test_pem("server-ed448-key.pem") },
         client => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
+                    "Groups" => "?X448:?secp521r1",
                     "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
         test   => { "ExpectedResult" => "Success" },
     },
@@ -40,9 +42,11 @@ our @tests_ec = (
         # the order will be reversed and it will instead fail to load the key.
         name => "SECLEVEL 5 server with ED448 key",
         server => { "CipherString" => "DEFAULT:\@SECLEVEL=5",
+                    "Groups" => "?X448:?secp521r1",
                     "Certificate" => test_pem("server-ed448-cert.pem"),
                     "PrivateKey" => test_pem("server-ed448-key.pem") },
         client => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
+                    "Groups" => "?X448:?secp521r1",
                     "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
         test   => { "ExpectedResult" => "ServerFail" },
     },
@@ -51,9 +55,11 @@ our @tests_ec = (
         # doesn't have a usable signature algorithm for the certificate.
         name => "SECLEVEL 5 client with ED448 key",
         server => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
+                    "Groups" => "?X448:?secp521r1",
                     "Certificate" => test_pem("server-ed448-cert.pem"),
                     "PrivateKey" => test_pem("server-ed448-key.pem") },
         client => { "CipherString" => "DEFAULT:\@SECLEVEL=5",
+                    "Groups" => "?X448:?secp521r1",
                     "VerifyCAFile" => test_pem("root-ed448-cert.pem") },
         test   => { "ExpectedResult" => "ServerFail" },
     }