diff --git a/fips-check.sh b/fips-check.sh
index 1e12de3afd..5af43d3fa2 100755
--- a/fips-check.sh
+++ b/fips-check.sh
@@ -519,11 +519,21 @@ if [ -d ../fips/.git ]; then
         fi
     done
 
-    if ! $GIT clone --shared --no-checkout . "${TEST_DIR}/fips"; then
+    # The current tooling for the FIPS tests is in the master branch and must be
+    # checked out here.
+    if ! $GIT clone --shared --branch master . "${TEST_DIR}/fips"; then
         echo "fips-check: Couldn't clone current working directory." 1>&2
         exit 1
     fi
 
+    # Make sure master is up-to-date:
+    pushd "${TEST_DIR}/fips" 1>/dev/null || exit 2
+    if ! $GIT pull "$FIPS_REPO" master; then
+        echo "Can't refresh master FIPS tag" 1>&2
+        exit 1
+    fi
+    popd 1>/dev/null || exit 2
+
     FIPS_TAGS_CACHED_LOCALLY=y
 
     popd 1>/dev/null || exit 2
@@ -532,7 +542,9 @@ fi
 pushd "$TEST_DIR" 1>/dev/null || exit 2
 
 if [ ! -d fips ]; then
-    if ! $GIT clone --depth 1 --branch "${FIPS_TAGS_NEEDED[0]}" "$FIPS_REPO" fips; then
+    # The current tooling for the FIPS tests is in the master branch and must be
+    # checked out here.
+    if ! $GIT clone --depth 1 --branch master "$FIPS_REPO" fips; then
         echo "fips-check: Couldn't check out FIPS repository."
         exit 1
     fi