{rsaCert, []SignatureScheme{PKCS1WithSHA512, PKCS1WithSHA1}, VersionTLS12, PKCS1WithSHA512, signaturePKCS1v15, crypto.SHA512},
		{rsaCert, []SignatureScheme{PSSWithSHA256, PKCS1WithSHA256}, VersionTLS12, PSSWithSHA256, signatureRSAPSS, crypto.SHA256},
		{pkcs1Cert, []SignatureScheme{PSSWithSHA256, PKCS1WithSHA256}, VersionTLS12, PKCS1WithSHA256, signaturePKCS1v15, crypto.SHA256},

// CertificateRequest. The two fields are merged to match with TLS 1.3.
// Note that in TLS 1.2, the ECDSA algorithms are not constrained to P-256, etc.
var defaultSupportedSignatureAlgorithms = []SignatureScheme{
	PSSWithSHA256,
	ECDSAWithP256AndSHA256,
	Ed25519,
	PSSWithSHA384,
	PSSWithSHA512,
	PKCS1WithSHA256,
	PKCS1WithSHA384,
	PKCS1WithSHA512,
	ECDSAWithP384AndSHA384,
	ECDSAWithP521AndSHA512,
	PKCS1WithSHA1,

	switch signatureAlgorithm {
	case PKCS1WithSHA1, PKCS1WithSHA256, PKCS1WithSHA384, PKCS1WithSHA512:
		sigType = signaturePKCS1v15
	case PSSWithSHA256, PSSWithSHA384, PSSWithSHA512:
		sigType = signatureRSAPSS
	case ECDSAWithSHA1, ECDSAWithP256AndSHA256, ECDSAWithP384AndSHA384, ECDSAWithP521AndSHA512:
		sigType = signatureECDSA
	case Ed25519:

	// Re-run the stringer command to generate them again.
	var x [1]struct{}
	_ = x[PKCS1WithSHA256-1025]
	_ = x[PKCS1WithSHA384-1281]
	_ = x[PKCS1WithSHA512-1537]
	_ = x[PSSWithSHA256-2052]
	_ = x[PSSWithSHA384-2053]
	_ = x[PSSWithSHA512-2054]
	_ = x[ECDSAWithP256AndSHA256-1027]
	_ = x[ECDSAWithP384AndSHA384-1283]
	_ = x[ECDSAWithP521AndSHA512-1539]
	_ = x[Ed25519-2055]
	_ = x[PKCS1WithSHA1-513]

pkg crypto/tls, const PKCS1WithSHA384 SignatureScheme
pkg crypto/tls, const PKCS1WithSHA512 = 1537
pkg crypto/tls, const PKCS1WithSHA512 SignatureScheme
pkg crypto/tls, const PSSWithSHA256 = 2052
pkg crypto/tls, const PSSWithSHA256 SignatureScheme
pkg crypto/tls, const PSSWithSHA384 = 2053
pkg crypto/tls, const PSSWithSHA384 SignatureScheme
pkg crypto/tls, const PSSWithSHA512 = 2054

		wantErr string
	}{
		{rsaCert, &ClientHelloInfo{
			ServerName:        "example.golang",
			SignatureSchemes:  []SignatureScheme{PSSWithSHA256},
			SupportedVersions: []uint16{VersionTLS13},
		}, ""},
		{ecdsaCert, &ClientHelloInfo{
			SignatureSchemes:  []SignatureScheme{PSSWithSHA256, ECDSAWithP256AndSHA256},
			SupportedVersions: []uint16{VersionTLS13, VersionTLS12},
		}, ""},
		{rsaCert, &ClientHelloInfo{

	switch alg {
	default:
		return false
	case PKCS1WithSHA256,
		ECDSAWithP256AndSHA256,
		PKCS1WithSHA384,
		ECDSAWithP384AndSHA384,
		PKCS1WithSHA512,
		ECDSAWithP521AndSHA512,
		PSSWithSHA256,
		PSSWithSHA384,
		PSSWithSHA512:
		// ok
	}
	return true
}

func TestBoringServerCipherSuites(t *testing.T) {
	serverConfig := testConfig.Clone()

	PKCS1WithSHA256 SignatureScheme = 0x0401
	PKCS1WithSHA384 SignatureScheme = 0x0501
	PKCS1WithSHA512 SignatureScheme = 0x0601

	// RSASSA-PSS algorithms with public key OID rsaEncryption.
	PSSWithSHA256 SignatureScheme = 0x0804
	PSSWithSHA384 SignatureScheme = 0x0805
	PSSWithSHA512 SignatureScheme = 0x0806

	// ECDSA algorithms. Only constrained to a specific curve in TLS 1.3.

		{"NewResumptionState", Func, 21},
		{"NoClientCert", Const, 0},
		{"PKCS1WithSHA1", Const, 8},
		{"PKCS1WithSHA256", Const, 8},
		{"PKCS1WithSHA384", Const, 8},
		{"PKCS1WithSHA512", Const, 8},
		{"PSSWithSHA256", Const, 8},
		{"PSSWithSHA384", Const, 8},
		{"PSSWithSHA512", Const, 8},
		{"ParseSessionState", Func, 21},
		{"QUICClient", Func, 21},
		{"QUICConfig", Type, 21},
		{"QUICConfig.TLSConfig", Field, 21},