diff --git a/lib/private/Security/Signature/Model/Rfc9421IncomingSignedRequest.php b/lib/private/Security/Signature/Model/Rfc9421IncomingSignedRequest.php
index 7e93da4ebbf..3697c156ec8 100644
--- a/lib/private/Security/Signature/Model/Rfc9421IncomingSignedRequest.php
+++ b/lib/private/Security/Signature/Model/Rfc9421IncomingSignedRequest.php
@@ -306,6 +306,9 @@ class Rfc9421IncomingSignedRequest extends SignedRequest implements
 if ($value === '' && strtolower($component) === 'host') {
 $value = $this->request->getServerHost();
 }
+ if ($value === '') {
+ throw new IncomingRequestException('covered header is missing or empty: ' . $component);
+ }
 $out[strtolower($component)] = $value;
 }
 return $out;
diff --git a/lib/private/Security/Signature/Rfc9421/Algorithm.php b/lib/private/Security/Signature/Rfc9421/Algorithm.php
index 155aead6013..40bec3cf153 100644
--- a/lib/private/Security/Signature/Rfc9421/Algorithm.php
+++ b/lib/private/Security/Signature/Rfc9421/Algorithm.php
@@ -31,6 +31,8 @@ use Throwable;
 final class Algorithm {
 public const NATIVE = [
 'rsa-v1_5-sha256',
+ 'rsa-v1_5-sha384',
+ 'rsa-v1_5-sha512',
 'ecdsa-p256-sha256',
 'ecdsa-p384-sha384',
 'ed25519',
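Review bot: The exception message in the added guard concatenates `$component` unchanged, and that name appears to come from the sender's covered-component list, so it is request-controlled text that has not been authenticated at this point. If `IncomingRequestException` messages reach logs or the HTTP response, prefer a normalised and bounded form such as `'covered header is missing or empty: ' . substr(strtolower($component), 0, 64)`, or confirm that component names are validated before this loop. The guard also treats a header that is present with an empty value the same as an absent one; that fail-closed choice deserves a one-line comment, for example `// fail closed: an absent covered header must not verify as an empty value`. The enclosing loop and method start outside the hunk, so how `$value` is read is not visible here.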
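Review bot: `rsa-v1_5-sha384` and `rsa-v1_5-sha512` are, as far as I can tell, not names in the RFC 9421 HTTP Signature Algorithms registry, whose RSA entries are `rsa-v1_5-sha256` and `rsa-pss-sha512`. The two added entries of `NATIVE` therefore widen the accepted set with non-registered identifiers. The code that maps an algorithm name to a digest is outside this hunk; confirm it selects SHA-384 and SHA-512 for these names rather than falling back to a default digest, and that a test rejects a signature produced with one digest but presented under another name. A comment on the entries such as `// not in the RFC 9421 registry; accepted for interop with <PEER_IMPLEMENTATION>` would record why they are allowed.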