+ExpectedResult = Success
+ExpectedServerCertType = RSA-PSS
+ExpectedServerSignHash = SHA512
+ExpectedServerSignType = RSA-PSS
+
+
+# ===========================================================
+
+[23-RSA-PSS Certificate, no PSS signature algorithms]
+ssl_conf = 23-RSA-PSS Certificate, no PSS signature algorithms-ssl
+
+[23-RSA-PSS Certificate, no PSS signature algorithms-ssl]
+server = 23-RSA-PSS Certificate, no PSS signature algorithms-server
+client = 23-RSA-PSS Certificate, no PSS signature algorithms-client
+
+[23-RSA-PSS Certificate, no PSS signature algorithms-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-cert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-key.pem
+
+[23-RSA-PSS Certificate, no PSS signature algorithms-client]
+CipherString = DEFAULT
+SignatureAlgorithms = RSA+SHA256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-23]
+ExpectedResult = ServerFail
+
+
+# ===========================================================
+
+[24-Only RSA-PSS Restricted Certificate]
+ssl_conf = 24-Only RSA-PSS Restricted Certificate-ssl
+
+[24-Only RSA-PSS Restricted Certificate-ssl]
+server = 24-Only RSA-PSS Restricted Certificate-server
+client = 24-Only RSA-PSS Restricted Certificate-client
+
+[24-Only RSA-PSS Restricted Certificate-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
+
+[24-Only RSA-PSS Restricted Certificate-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-24]
+ExpectedResult = Success
+ExpectedServerCertType = RSA-PSS
+ExpectedServerSignHash = SHA256
+ExpectedServerSignType = RSA-PSS
+
+
+# ===========================================================
+
+[25-RSA-PSS Restricted Certificate Valid Signature Algorithms]
+ssl_conf = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl
+
+[25-RSA-PSS Restricted Certificate Valid Signature Algorithms-ssl]
+server = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-server
+client = 25-RSA-PSS Restricted Certificate Valid Signature Algorithms-client
+
+[25-RSA-PSS Restricted Certificate Valid Signature Algorithms-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
+
+[25-RSA-PSS Restricted Certificate Valid Signature Algorithms-client]
+CipherString = DEFAULT
+SignatureAlgorithms = rsa_pss_pss_sha256:rsa_pss_pss_sha512
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-25]
+ExpectedResult = Success
+ExpectedServerCertType = RSA-PSS
+ExpectedServerSignHash = SHA256
+ExpectedServerSignType = RSA-PSS
+
+
+# ===========================================================
+
+[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm]
+ssl_conf = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl
+
+[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-ssl]
+server = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server
+client = 26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client
+
+[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
+
+[26-RSA-PSS Restricted Cert client prefers invalid Signature Algorithm-client]
+CipherString = DEFAULT
+SignatureAlgorithms = rsa_pss_pss_sha512:rsa_pss_pss_sha256
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-26]
+ExpectedResult = Success
+ExpectedServerCertType = RSA-PSS
+ExpectedServerSignHash = SHA256
+ExpectedServerSignType = RSA-PSS
+
+
+# ===========================================================
+
+[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms]
+ssl_conf = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl
+
+[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-ssl]
+server = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server
+client = 27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client
+
+[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-cert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/server-pss-restrict-key.pem
+
+[27-RSA-PSS Restricted Certificate Invalid Signature Algorithms-client]
+CipherString = DEFAULT
+SignatureAlgorithms = rsa_pss_pss_sha512
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-27]