diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index d7f6602d50..a87933d1f6 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -976,3 +976,41 @@ int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other)
     return ctx->cert->sec_cb(NULL, ctx, op, bits, nid, other,
                              ctx->cert->sec_ex);
 }
+
+/*
+ * Certificate table information. NB: table entries must match SSL_PKEY indices
+ */
+static const SSL_CERT_LOOKUP ssl_cert_info [] = {
+    {EVP_PKEY_RSA, SSL_aRSA}, /* SSL_PKEY_RSA */
+    {EVP_PKEY_DSA, SSL_aDSS}, /* SSL_PKEY_DSA_SIGN */
+    {EVP_PKEY_EC, SSL_aECDSA}, /* SSL_PKEY_ECC */
+    {NID_id_GostR3410_2001, SSL_aGOST01}, /* SSL_PKEY_GOST01 */
+    {NID_id_GostR3410_2012_256, SSL_aGOST12}, /* SSL_PKEY_GOST12_256 */
+    {NID_id_GostR3410_2012_512, SSL_aGOST12}, /* SSL_PKEY_GOST12_512 */
+    {EVP_PKEY_ED25519, SSL_aECDSA} /* SSL_PKEY_ED25519 */
+};
+
+const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx)
+{
+    int nid = EVP_PKEY_id(pk);
+    size_t i;
+
+    if (nid == NID_undef)
+        return NULL;
+
+    for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) {
+        if (ssl_cert_info[i].nid == nid) {
+            if (pidx != NULL)
+                *pidx = i;
+            return &ssl_cert_info[i];
+        }
+    }
+    return NULL;
+}
+
+const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx)
+{
+    if (idx >= OSSL_NELEM(ssl_cert_info))
+        return 0;
+    return &ssl_cert_info[idx];
+}
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 64bb264b52..3fd16207c5 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1996,3 +1996,12 @@ int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
 
     return 1;
 }
+
+int ssl_cert_is_disabled(size_t idx)
+{
+    const SSL_CERT_LOOKUP *cl = ssl_cert_lookup_by_idx(idx);
+
+    if (cl == NULL || (cl->amask & disabled_auth_mask) != 0)
+        return 1;
+    return 0;
+}
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 168e5dda01..695cf45baa 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1345,6 +1345,15 @@ typedef struct sigalg_lookup_st {
 
 typedef struct cert_pkey_st CERT_PKEY;
 
+/*
+ * Structure containing table entry of certificate info corresponding to
+ * CERT_PKEY entries
+ */
+typedef struct {
+    int nid; /* NID of pubic key algorithm */
+    uint32_t amask; /* authmask corresponding to key type */
+} SSL_CERT_LOOKUP;
+
 typedef struct ssl3_state_st {
     long flags;
     size_t read_mac_secret_size;
@@ -2092,6 +2101,7 @@ __owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
 __owur int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
                                    size_t *int_overhead, size_t *blocksize,
                                    size_t *ext_overhead);
+__owur int ssl_cert_is_disabled(size_t idx);
 __owur int ssl_cipher_get_cert_index(const SSL_CIPHER *c);
 __owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl,
                                                 const unsigned char *ptr,
@@ -2114,6 +2124,10 @@ __owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other);
 __owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid,
                             void *other);
 
+__owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk,
+                                                      size_t *pidx);
+__owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx);
+
 int ssl_undefined_function(SSL *s);
 __owur int ssl_undefined_void_function(void);
 __owur int ssl_undefined_const_function(const SSL *s);