diff --git a/src/benchmarks/micro/libraries/System.Net.Security/SslStreamTests.cs b/src/benchmarks/micro/libraries/System.Net.Security/SslStreamTests.cs
index 0cf2d36ac43..df36346a0ed 100644
--- a/src/benchmarks/micro/libraries/System.Net.Security/SslStreamTests.cs
+++ b/src/benchmarks/micro/libraries/System.Net.Security/SslStreamTests.cs
@@ -21,6 +21,7 @@ public partial class SslStreamTests
     {
         private readonly Barrier _twoParticipantBarrier = new Barrier(2);
         private static readonly X509Certificate2 _cert = Test.Common.Configuration.Certificates.GetServerCertificate();
+        private static readonly X509Certificate2 _clientCert = Test.Common.Configuration.Certificates.GetClientCertificate();
         private static readonly X509Certificate2 _ec256Cert = Test.Common.Configuration.Certificates.GetEC256Certificate();
         private static readonly X509Certificate2 _ec512Cert = Test.Common.Configuration.Certificates.GetEC512Certificate();
         private static readonly X509Certificate2 _rsa2048Cert = Test.Common.Configuration.Certificates.GetRSA2048Certificate();
@@ -105,12 +106,20 @@ public void Cleanup()
         [BenchmarkCategory(Categories.NoAOT)]
         public Task DefaultHandshakeIPv6Async() => DefaultHandshake(_clientIPv6, _serverIPv6);
 
+        [Benchmark]
+        [BenchmarkCategory(Categories.NoAOT)]
+        public Task DefaultMutualHandshakeIPv4Async() => DefaultHandshake(_clientIPv4, _serverIPv4, requireClientCert: true);
+
+        [Benchmark]
+        [BenchmarkCategory(Categories.NoAOT)]
+        public Task DefaultMutualHandshakeIPv6Async() => DefaultHandshake(_clientIPv6, _serverIPv6, requireClientCert: true);
+
         [Benchmark]
         [OperatingSystemsFilter(allowed: true, platforms: OS.Linux)]    // Not supported on Windows at the moment.
         [BenchmarkCategory(Categories.NoAOT)]
         public Task DefaultHandshakePipeAsync() => DefaultHandshake(_clientPipe, _serverPipe);
 
-        private async Task DefaultHandshake(Stream client, Stream server)
+        private async Task DefaultHandshake(Stream client, Stream server, bool requireClientCert = false)
         {
             SslClientAuthenticationOptions clientOptions = new SslClientAuthenticationOptions
             {
@@ -118,6 +127,7 @@ private async Task DefaultHandshake(Stream client, Stream server)
                 EnabledSslProtocols = SslProtocols.None,
                 CertificateRevocationCheckMode = X509RevocationMode.NoCheck,
                 TargetHost = "loopback",
+                ClientCertificates = requireClientCert ? new X509CertificateCollection() { _clientCert } : null,
             };
 
             SslServerAuthenticationOptions serverOptions = new SslServerAuthenticationOptions
@@ -125,7 +135,8 @@ private async Task DefaultHandshake(Stream client, Stream server)
                 AllowRenegotiation = false,
                 EnabledSslProtocols = SslProtocols.None,
                 CertificateRevocationCheckMode = X509RevocationMode.NoCheck,
-                ServerCertificate = _cert
+                ServerCertificate = _cert,
+                ClientCertificateRequired = requireClientCert,
             };
 
             using (var sslClient = new SslStream(client, leaveInnerStreamOpen: true, delegate { return true; }))