Ospd-openvas v20.08: unsupported certificate purpose

I’m attempting to upgrade from OpenVAS 9 to OpenVAS 20.08, and we’re attempting to use a certificate template on our internal CA that worked for OpenVAS 9 when including certs for ospd-openvas.

For each incoming request, we now see the following error:
Traceback (most recent call last):
  File "/usr/lib/python3.7/socketserver.py", line 650, in process_request_thread
    self.finish_request(request, client_address)
  File "/usr/lib/python3.7/socketserver.py", line 360, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib/python3.7/socketserver.py", line 720, in __init__
    self.handle()
  File "/opt/openvas/bin/ospd-scanner/lib/python3.7/site-packages/ospd/server.py", line 131, in handle
    self.server.handle_request(self.request, self.client_address)
  File "/opt/openvas/bin/ospd-scanner/lib/python3.7/site-packages/ospd/server.py", line 182, in handle_request
    self.server.handle_request(request, client_address)
  File "/opt/openvas/bin/ospd-scanner/lib/python3.7/site-packages/ospd/server.py", line 308, in handle_request
    req_socket = self.tls_context.wrap_socket(request, server_side=True)
  File "/usr/lib/python3.7/ssl.py", line 412, in wrap_socket
    session=session
  File "/usr/lib/python3.7/ssl.py", line 853, in _create
    self.do_handshake()
  File "/usr/lib/python3.7/ssl.py", line 1117, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unsupported certificate purpose (_ssl.c:1056)

We have verified that the clientcert given to OpenVAS has the Client Cert purpose. All of our certs (server cert, client cert) have the following purposes:
Certificate purposes:
SSL client : Yes
SSL client CA : No
SSL server : Yes
SSL server CA : No
Netscape SSL server : Yes
Netscape SSL server CA : No
S/MIME signing : No
S/MIME signing CA : No
S/MIME encryption : No
S/MIME encryption CA : No
CRL signing : No
CRL signing CA : No
Any Purpose : Yes
Any Purpose CA : Yes
OCSP helper : Yes
OCSP helper CA : No
Time Stamp signing : No
Time Stamp signing CA : No

Our cacert has the following purposes:
Certificate purposes:
SSL client : Yes
SSL client CA : Yes
SSL server : Yes
SSL server CA : Yes
Netscape SSL server : No
Netscape SSL server CA : Yes
S/MIME signing : Yes
S/MIME signing CA : Yes
S/MIME encryption : No
S/MIME encryption CA : Yes
CRL signing : Yes
CRL signing CA : Yes
Any Purpose : Yes
Any Purpose CA : Yes
OCSP helper : Yes
OCSP helper CA : Yes
Time Stamp signing : No
Time Stamp signing CA : Yes

What SSL purposes should be enabled for the ospd-openvas server cert / client cert / ca cert?
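
The traceback above fails inside a server-side `wrap_socket`, which is where OpenSSL checks the certificate chain presented by the connecting client against its `sslclient` purpose. The script below is an added example, not part of the original post or of ospd-openvas: it builds a throwaway CA and two leaf certificates (all file names and subjects are constructed, and OpenSSL 1.1.1 or later is assumed) and runs that same purpose check with `openssl verify`, so a real client certificate and CA file can be tested the same way outside the scanner.

```shell
#!/bin/sh
# Added example. The CA, key and certificates are constructed throwaway test
# material; all file names are hypothetical. Assumes OpenSSL 1.1.1 or later.

# make_demo_pki DIR: one CA plus two leaf certs that differ only in extendedKeyUsage.
make_demo_pki() {
    d=$1
    cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = demo
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[client_only]
extendedKeyUsage = clientAuth
[server_only]
extendedKeyUsage = serverAuth
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/demo.cnf" \
        -extensions v3_ca -subj "/CN=demo-ca" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
        -subj "/CN=demo-leaf" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    n=1
    for ext in client_only server_only; do
        openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
            -set_serial "$n" -days 1 -extfile "$d/demo.cnf" -extensions "$ext" \
            -out "$d/$ext.pem" 2>/dev/null
        n=$((n + 1))
    done
}

# check_purpose PURPOSE CAFILE CERT: exit status 0 only if the whole chain,
# CA certificates included, passes OpenSSL's purpose check.
check_purpose() {
    openssl verify -purpose "$1" -CAfile "$2" "$3" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
for cert in client_only server_only; do
    if check_purpose sslclient "$demo_dir/ca.pem" "$demo_dir/$cert.pem"; then
        echo "$cert.pem: accepted as TLS client certificate"
    else
        echo "$cert.pem: rejected for purpose sslclient"
    fi
done
rm -rf "$demo_dir"
```

Dropping the output redirection in `check_purpose` shows which certificate in the chain OpenSSL rejects and at what depth.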