diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 8d28b63c35..5864a87a78 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -241,6 +241,33 @@ requires_ciphersuite_enabled() {
     fi
 }
 
+# maybe_requires_ciphersuite_enabled CMD [RUN_TEST_OPTION...]
+# If CMD (call to a TLS client or server program) requires a specific
+# ciphersuite, arrange to only run the test case if this ciphersuite is
+# enabled. As an exception, do run the test case if it expects a ciphersuite
+# mismatch.
+maybe_requires_ciphersuite_enabled() {
+    case "$1" in
+        *\ force_ciphersuite=*) :;;
+        *) return;; # No specific required ciphersuite
+    esac
+    ciphersuite="${1##*\ force_ciphersuite=}"
+    ciphersuite="${ciphersuite%%[!-0-9A-Z_a-z]*}"
+    shift
+
+    case "$*" in
+        *"-s SSL - The server has no ciphersuites in common"*)
+            # This test case expects a ciphersuite mismatch, so it doesn't
+            # require the ciphersuite to be enabled.
+            ;;
+        *)
+            requires_ciphersuite_enabled "$ciphersuite"
+            ;;
+    esac
+
+    unset ciphersuite
+}
+
 # skip next test if OpenSSL doesn't support FALLBACK_SCSV
 requires_openssl_with_fallback_scsv() {
     if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then
@@ -658,17 +685,9 @@ run_test() {
        requires_config_enabled MBEDTLS_FS_IO
     fi
 
-    # Check if server forces ciphersuite
-    FORCE_CIPHERSUITE=$(echo "$SRV_CMD" | sed -n 's/^.*force_ciphersuite=\([a-zA-Z0-9\-]*\).*$/\1/p')
-    if [ ! -z "$FORCE_CIPHERSUITE" ]; then
-       requires_ciphersuite_enabled $FORCE_CIPHERSUITE
-    fi
-
-    # Check if client forces ciphersuite
-    FORCE_CIPHERSUITE=$(echo "$CLI_CMD" | sed -n 's/^.*force_ciphersuite=\([a-zA-Z0-9\-]*\).*$/\1/p')
-    if [ ! -z "$FORCE_CIPHERSUITE" ]; then
-       requires_ciphersuite_enabled $FORCE_CIPHERSUITE
-    fi
+    # If the client or serve requires a ciphersuite, check that it's enabled.
+    maybe_requires_ciphersuite_enabled "$SRV_CMD" "$@"
+    maybe_requires_ciphersuite_enabled "$CLI_CMD" "$@"
 
     # should we skip?
     if [ "X$SKIP_NEXT" = "XYES" ]; then
diff --git a/tests/suites/test_suite_cipher.gcm.data b/tests/suites/test_suite_cipher.gcm.data
index 8d728bd067..a4cebd2412 100644
--- a/tests/suites/test_suite_cipher.gcm.data
+++ b/tests/suites/test_suite_cipher.gcm.data
@@ -3,7 +3,7 @@ depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
 dec_empty_buf:MBEDTLS_CIPHER_CAMELLIA_128_GCM:0:0
 
 AES GCM Decrypt empty buffer
-depends_on:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_GCM_C
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
 dec_empty_buf:MBEDTLS_CIPHER_AES_128_GCM:0:0
 
 Aria GCM Decrypt empty buffer
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 48bdbed942..2a0573d8bc 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -574,7 +574,7 @@ depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBE
 raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256))
 
 PSA key policy algorithm2: CTR, CBC
-depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_CIPHER_MODE_CBC_NOPAD
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_CIPHER_MODE_CBC
 key_policy_alg2:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING
 
 PSA key policy algorithm2: ECDH, ECDSA
diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data
index b771e58233..f8889833b1 100644
--- a/tests/suites/test_suite_psa_crypto_metadata.data
+++ b/tests/suites/test_suite_psa_crypto_metadata.data
@@ -34,30 +34,6 @@ Hash: SHA-2 SHA-512
 depends_on:MBEDTLS_SHA512_C
 hash_algorithm:PSA_ALG_SHA_512:64
 
-Hash: SHA-2 SHA-512/224
-depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256
-hash_algorithm:PSA_ALG_SHA_512_224:28
-
-Hash: SHA-2 SHA-512/256
-depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256
-hash_algorithm:PSA_ALG_SHA_512_256:32
-
-Hash: SHA-3 SHA3-224
-depends_on:MBEDTLS_SHA3_C
-hash_algorithm:PSA_ALG_SHA3_224:28
-
-Hash: SHA-3 SHA3-256
-depends_on:MBEDTLS_SHA3_C
-hash_algorithm:PSA_ALG_SHA3_256:32
-
-Hash: SHA-3 SHA3-384
-depends_on:MBEDTLS_SHA3_C
-hash_algorithm:PSA_ALG_SHA3_384:48
-
-Hash: SHA-3 SHA3-512
-depends_on:MBEDTLS_SHA3_C
-hash_algorithm:PSA_ALG_SHA3_512:64
-
 MAC: HMAC-MD2
 depends_on:MBEDTLS_MD2_C
 hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD2 ):16:64
@@ -94,30 +70,6 @@ MAC: HMAC-SHA-512
 depends_on:MBEDTLS_SHA512_C
 hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512 ):64:128
 
-MAC: HMAC-SHA-512/224
-depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256
-hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512_224 ):28:128
-
-MAC: HMAC-SHA-512/256
-depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256
-hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512_256 ):32:128
-
-MAC: HMAC-SHA3-224
-depends_on:MBEDTLS_SHA3_C
-hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_224 ):28:144
-
-MAC: HMAC-SHA3-256
-depends_on:MBEDTLS_SHA3_C
-hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_256 ):32:136
-
-MAC: HMAC-SHA3-384
-depends_on:MBEDTLS_SHA3_C
-hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_384 ):48:104
-
-MAC: HMAC-SHA3-512
-depends_on:MBEDTLS_SHA3_C
-hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_512 ):64:72
-
 MAC: CBC_MAC-AES-128
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_C
 mac_algorithm:PSA_ALG_CBC_MAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:128
@@ -155,7 +107,7 @@ depends_on:MBEDTLS_ARC4_C
 cipher_algorithm:PSA_ALG_ARC4:ALG_IS_STREAM_CIPHER
 
 Cipher: ChaCha20
-depends_on:MBEDTLS_CHACHA_C
+depends_on:MBEDTLS_CHACHA20_C
 cipher_algorithm:PSA_ALG_CHACHA20:ALG_IS_STREAM_CIPHER
 
 Cipher: CTR
@@ -206,14 +158,6 @@ Asymmetric signature: RSA PSS SHA-256
 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
 asymmetric_signature_algorithm:PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS | ALG_IS_HASH_AND_SIGN
 
-Asymmetric signature: SHA-256 + randomized DSA SHA-256 using SHA-256
-depends_on:MBEDTLS_DSA_C:MBEDTLS_SHA256_C
-asymmetric_signature_algorithm:PSA_ALG_DSA( PSA_ALG_SHA_256 ):ALG_IS_DSA | ALG_IS_RANDOMIZED_DSA | ALG_IS_HASH_AND_SIGN
-
-Asymmetric signature: SHA-256 + deterministic DSA using SHA-256 [#1]
-depends_on:MBEDTLS_DSA_C:MBEDTLS_SHA256_C:MBEDTLS_DSA_DETERMINISTIC
-asymmetric_signature_algorithm:PSA_ALG_DETERMINISTIC_DSA( PSA_ALG_SHA_256 ):ALG_IS_DSA | ALG_IS_DETERMINISTIC_DSA | ALG_DSA_IS_DETERMINISTIC | ALG_IS_HASH_AND_SIGN
-
 Asymmetric signature: randomized ECDSA (no hashing)
 depends_on:MBEDTLS_ECDSA_C
 asymmetric_signature_algorithm:PSA_ALG_ECDSA_ANY:ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA | ALG_IS_HASH_AND_SIGN
@@ -222,7 +166,7 @@ Asymmetric signature: SHA-256 + randomized ECDSA
 depends_on:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C
 asymmetric_signature_algorithm:PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA | ALG_IS_HASH_AND_SIGN
 
-Asymmetric signature: SHA-256 + deterministic DSA using SHA-256 [#2]
+Asymmetric signature: SHA-256 + deterministic ECDSA using SHA-256
 depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_SHA256_C
 asymmetric_signature_algorithm:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_DETERMINISTIC_ECDSA | ALG_ECDSA_IS_DETERMINISTIC | ALG_IS_HASH_AND_SIGN
 
@@ -234,19 +178,11 @@ Asymmetric signature: RSA PSS with wildcard hash
 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21
 asymmetric_signature_wildcard:PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH ):ALG_IS_RSA_PSS
 
-Asymmetric signature: randomized DSA with wildcard hash
-depends_on:MBEDTLS_DSA_C
-asymmetric_signature_wildcard:PSA_ALG_DSA( PSA_ALG_ANY_HASH ):ALG_IS_DSA | ALG_IS_RANDOMIZED_DSA
-
-Asymmetric signature: deterministic DSA with wildcard hash [#1]
-depends_on:MBEDTLS_DSA_C:MBEDTLS_DSA_DETERMINISTIC
-asymmetric_signature_wildcard:PSA_ALG_DETERMINISTIC_DSA( PSA_ALG_ANY_HASH ):ALG_IS_DSA | ALG_IS_DETERMINISTIC_DSA | ALG_DSA_IS_DETERMINISTIC
-
 Asymmetric signature: randomized ECDSA with wildcard hash
 depends_on:MBEDTLS_ECDSA_C
 asymmetric_signature_wildcard:PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ):ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA
 
-Asymmetric signature: deterministic DSA with wildcard hash [#2]
+Asymmetric signature: deterministic ECDSA with wildcard hash
 depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC
 asymmetric_signature_wildcard:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_ANY_HASH ):ALG_IS_ECDSA | ALG_IS_DETERMINISTIC_ECDSA | ALG_ECDSA_IS_DETERMINISTIC
 
@@ -343,14 +279,6 @@ Key type: RSA key pair
 depends_on:MBEDTLS_RSA_C
 key_type:PSA_KEY_TYPE_RSA_KEY_PAIR:KEY_TYPE_IS_KEY_PAIR | KEY_TYPE_IS_RSA
 
-Key type: DSA public key
-depends_on:MBEDTLS_DSA_C
-key_type:PSA_KEY_TYPE_DSA_PUBLIC_KEY:KEY_TYPE_IS_PUBLIC_KEY | KEY_TYPE_IS_DSA
-
-Key type: DSA key pair
-depends_on:MBEDTLS_DSA_C
-key_type:PSA_KEY_TYPE_DSA_KEY_PAIR:KEY_TYPE_IS_KEY_PAIR | KEY_TYPE_IS_DSA
-
 ECC key family: SECP K1
 ecc_key_family:PSA_ECC_CURVE_SECP_K1