diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 0fd3387bcf..4c5bd0c1a2 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -598,15 +598,19 @@ maybe_adapt_for_psk() {
     adapt_cmd_for_psk SRV_CMD "$SRV_CMD"
 }
 
-# PSK_PRESENT="YES" if at least one protocol versions supports pure-PSK.
+# PSK_PRESENT="YES" if at least one protocol versions supports at least
+# one PSK key exchange mode.
 PSK_PRESENT="NO"
-# PSK_ONLY="YES" if no key exchange is enabled except pure-PSK.
+# PSK_ONLY="YES" if all the available key exchange modes are PSK-based
+# (pure-PSK or PSK-ephemeral, possibly both).
 PSK_ONLY=""
 for c in $CONFIGS_ENABLED; do
     case $c in
         MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) PSK_PRESENT="YES";;
+        MBEDTLS_KEY_EXCHANGE_PSK_*_ENABLED) PSK_PRESENT="YES";;
         MBEDTLS_KEY_EXCHANGE_*_ENABLED) PSK_ONLY="NO";;
         MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) PSK_PRESENT="YES";;
+        MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_*_ENABLED) PSK_PRESENT="YES";;
         MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_*_ENABLED) PSK_ONLY="NO";;
     esac
 done