diff --git a/bin/tests/system/checkconf/bad-tls-cipher-suites-ciphers-string.conf b/bin/tests/system/checkconf/bad-tls-cipher-suites-ciphers-string.conf
new file mode 100644
index 0000000000..524239cc34
--- /dev/null
+++ b/bin/tests/system/checkconf/bad-tls-cipher-suites-ciphers-string.conf
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+tls local-tls {
+ protocols { TLSv1.3; };
+ key-file "key.pem";
+ cert-file "cert.pem";
+ dhparam-file "dhparam.pem";
+ cipher-suites "HIGH:!aNULL:!MD5:!RC4";
+ prefer-server-ciphers yes;
+ session-tickets no;
+};
+
+options {
+ listen-on port 853 tls local-tls { 10.53.0.1; };
+};
diff --git a/bin/tests/system/checkconf/bad-tls-cipher-suites-empty-string.conf b/bin/tests/system/checkconf/bad-tls-cipher-suites-empty-string.conf
new file mode 100644
index 0000000000..7e0ebcf902
--- /dev/null
+++ b/bin/tests/system/checkconf/bad-tls-cipher-suites-empty-string.conf
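Review bot: The fixture never says why `cipher-suites "HIGH:!aNULL:!MD5:!RC4";` is expected to be rejected, and that matters because the string is a perfectly valid OpenSSL TLSv1.2 cipher-list expression and is only wrong as a TLSv1.3 ciphersuite string; someone debugging a failure of this test cannot tell from the file whether the syntax or the option itself was meant to trip the checker. A one-line comment above the option would make the negative case self-describing, e.g. `/* TLSv1.2 cipher-list syntax: cipher-suites takes only TLSv1.3 ciphersuite names, so this must be rejected */`. Which layer performs the rejection (the config parser or the TLS context setup) is not visible in this patch, so the comment should stay at the level of the expected outcome.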
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+tls local-tls {
+ protocols { TLSv1.3; };
+ key-file "key.pem";
+ cert-file "cert.pem";
+ dhparam-file "dhparam.pem";
+ cipher-suites "";
+ prefer-server-ciphers yes;
+ session-tickets no;
+};
+
+options {
+ listen-on port 853 tls local-tls { 10.53.0.1; };
+};
diff --git a/bin/tests/system/checkconf/bad-tls-cipher-suites-wrong-string.conf b/bin/tests/system/checkconf/bad-tls-cipher-suites-wrong-string.conf
new file mode 100644
index 0000000000..44f74fe9a7
--- /dev/null
+++ b/bin/tests/system/checkconf/bad-tls-cipher-suites-wrong-string.conf
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+tls local-tls {
+ protocols { TLSv1.3; };
+ key-file "key.pem";
+ cert-file "cert.pem";
+ dhparam-file "dhparam.pem";
+ cipher-suites "lalalalalgggg";
+ prefer-server-ciphers yes;
+ session-tickets no;
+};
+
+options {
+ listen-on port 853 tls local-tls { 10.53.0.1; };
+};
diff --git a/bin/tests/system/checkconf/good-tls-cipher-suites-multiple-cipher-suites.conf b/bin/tests/system/checkconf/good-tls-cipher-suites-multiple-cipher-suites.conf
new file mode 100644
index 0000000000..6ef3df6f2c
--- /dev/null
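Review bot: The empty `cipher-suites "";` fixture can only pass if named-checkconf rejects the empty string itself, because OpenSSL's SSL_CTX_set_ciphersuites() explicitly accepts an empty list and merely leaves the context with no TLSv1.3 ciphersuites at all; an implementation that simply forwards the value to OpenSSL would not produce the failure this "bad" fixture expects, and a TLSv1.3-only listener configured that way would be unable to complete any handshake. Worth confirming that the parser-level check exists and recording it in the fixture, e.g. `/* an empty ciphersuite string must be rejected by named-checkconf; OpenSSL would accept it and disable every TLSv1.3 ciphersuite */`. Where that validation lives is not visible in this patch, so this is an inference to verify against the implementation.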
+++ b/bin/tests/system/checkconf/good-tls-cipher-suites-multiple-cipher-suites.conf
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+tls local-tls {
+ protocols { TLSv1.3; };
+ key-file "key.pem";
+ cert-file "cert.pem";
+ dhparam-file "dhparam.pem";
+ cipher-suites "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256";
+ prefer-server-ciphers yes;
+ session-tickets no;
+};
+
+options {
+ listen-on port 853 tls local-tls { 10.53.0.1; };
+};
diff --git a/bin/tests/system/checkconf/good-tls-cipher-suites-one-cipher-suite.conf b/bin/tests/system/checkconf/good-tls-cipher-suites-one-cipher-suite.conf
new file mode 100644
index 0000000000..da52e6685d
--- /dev/null
+++ b/bin/tests/system/checkconf/good-tls-cipher-suites-one-cipher-suite.conf
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+tls local-tls {
+ protocols { TLSv1.3; };
+ key-file "key.pem";
+ cert-file "cert.pem";
+ dhparam-file "dhparam.pem";
+ cipher-suites "TLS_CHACHA20_POLY1305_SHA256";
+ prefer-server-ciphers yes;
+ session-tickets no;
+};
+
+options {
+ listen-on port 853 tls local-tls { 10.53.0.1; };
+};
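Review bot: The positive fixture gives no hint of what syntax `cipher-suites "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256";` is written in or what the order means, which is the one thing a reader comparing it with the rejected `HIGH:!aNULL:!MD5:!RC4` sibling fixture needs. From the names used this looks like OpenSSL's SSL_CTX_set_ciphersuites() form, colon-separated IANA TLSv1.3 ciphersuite names with the most preferred first; if that is right, a comment above the option such as `/* TLSv1.3 ciphersuite list in server preference order (OpenSSL SSL_CTX_set_ciphersuites() syntax); TLSv1.2 cipher selection is not affected by this option */` would document the contract the test is locking in. Since the listener is pinned to `protocols { TLSv1.3; };`, it also seems worth stating in the comment that `dhparam-file` is present only to keep the block uniform with the other fixtures, as TLSv1.3 negotiates groups rather than using DH parameters; confirm both points against the implementation.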
diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh
index 7eced17663..d3289015d2 100644
--- a/bin/tests/system/checkconf/tests.sh
+++ b/bin/tests/system/checkconf/tests.sh
@@ -89,6 +89,10 @@ for good in good-*.conf; do
 good-proxy-*doh*.conf) continue ;;
 bad-proxy-*doh*.conf) continue ;;
 esac
+ elif ! $FEATURETEST --have-openssl-cipher-suites; then
+ case $good in
+ good-tls-cipher-suites-*.conf) continue ;;
+ esac
 fi
 { $CHECKCONF $good >checkconf.out$n 2>&1