diff --git a/README.md b/README.md
index 7a40be481..ac5b59f45 100644
--- a/README.md
+++ b/README.md
@@ -994,6 +994,12 @@ Optionally included keys are:
 Reverts the `passive` setting. Only useful if the `dtls-passive` config option is set.
+* `DTLS-fingerprint`
+
+ Contains a string and is used to select the hashing function to generate the DTLS fingerprint
+ from the certificate. The default is SHA-1, or the same hashing function as was used by the
+ peer. Available are `SHA-1`, `SHA-224`, `SHA-256`, `SHA-384`, and `SHA-512`.
+
 * `SDES` A list of strings controlling the behaviour regarding SDES. The default is to offer SDES without any
diff --git a/daemon/call.c b/daemon/call.c
index a0e7c7309..63a97ed3d 100644
--- a/daemon/call.c
+++ b/daemon/call.c
@@ -1519,7 +1519,10 @@ static void __generate_crypto(const struct sdp_ng_flags *flags, struct call_medi
 } skip_sdes:
- ;
+ if (flags->opmode == OP_OFFER) {
+ if (MEDIA_ISSET(this, DTLS) && !this->fingerprint.hash_func && flags->dtls_fingerprint.len)
+ this->fingerprint.hash_func = dtls_find_hash_func(&flags->dtls_fingerprint);
+ }
 } // for an answer, uses the incoming received list of SDES crypto suites to prune // the list of (generated) outgoing crypto suites to contain only the one that was
diff --git a/daemon/call_interfaces.c b/daemon/call_interfaces.c
index c0fe2f9f5..a18481d9c 100644
--- a/daemon/call_interfaces.c
+++ b/daemon/call_interfaces.c
@@ -992,6 +992,7 @@ static void call_ng_process_flags(struct sdp_ng_flags *out, bencode_item_t *inpu
 out->tos = bencode_dictionary_get_int_str(input, "TOS", 256); bencode_get_alt(input, "record-call", "record call", &out->record_call_str); bencode_dictionary_get_str(input, "metadata", &out->metadata);
+ bencode_dictionary_get_str(input, "DTLS-fingerprint", &out->dtls_fingerprint);
 if (opmode == OP_OFFER) { out->ptime = bencode_dictionary_get_int_str(input, "ptime", 0);
diff --git a/include/call_interfaces.h b/include/call_interfaces.h
index 1c56168b4..071edaeda 100644
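Review bot: In the daemon/call.c hunk (`__generate_crypto`), the result of `dtls_find_hash_func(&flags->dtls_fingerprint)` is assigned without a check, so a `DTLS-fingerprint` value that matches no known hash presumably leaves `hash_func` unset and the offer goes out with the default, which the README text in this commit gives as SHA-1. A controller that meant to request `SHA-256` but sent a misspelt name would then get the weaker hash with no indication; the lookup's failure behaviour is not visible in this diff, so confirm that it returns NULL. I would report the rejection right after the assignment, e.g. `if (!this->fingerprint.hash_func) ilog(LOG_WARN, "Unknown DTLS-fingerprint hash '" STR_FORMAT "', using default", STR_FMT(&flags->dtls_fingerprint));`, or validate the name where it is read in `call_ng_process_flags` (daemon/call_interfaces.c hunk), which stores the string unchecked. The body of `__generate_crypto` starts outside the hunk.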
--- a/include/call_interfaces.h
+++ b/include/call_interfaces.h
@@ -46,6 +46,7 @@ struct sdp_ng_flags {
 int ptime, rev_ptime; GHashTable *sdes_no;
+ str dtls_fingerprint;
 int asymmetric:1, protocol_accept:1, no_redis_update:1,
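Review bot: The new `dtls_fingerprint` member carries no comment saying that it holds the raw hash name taken from the `DTLS-fingerprint` control key rather than a resolved hash function. Going by the daemon/call.c hunk it is only looked up when handling an offer, so a short comment beside the field such as `/* hash name from the "DTLS-fingerprint" key; resolved with dtls_find_hash_func() on offer */` would tell readers that the value is unvalidated at this point. The struct definition starts and ends outside the hunk.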