diff --git a/components/esp_http_client/CMakeLists.txt b/components/esp_http_client/CMakeLists.txt
index 327e90778a..4020133229 100644
--- a/components/esp_http_client/CMakeLists.txt
+++ b/components/esp_http_client/CMakeLists.txt
@@ -5,4 +5,4 @@ idf_component_register(SRCS "esp_http_client.c"
                     INCLUDE_DIRS "include"
                     PRIV_INCLUDE_DIRS "lib/include"
                     REQUIRES nghttp
-                    PRIV_REQUIRES mbedtls lwip esp-tls tcp_transport)
+                    PRIV_REQUIRES lwip esp-tls tcp_transport)
diff --git a/components/esp_http_client/Kconfig b/components/esp_http_client/Kconfig
index 9cc8a68050..9833098cb1 100644
--- a/components/esp_http_client/Kconfig
+++ b/components/esp_http_client/Kconfig
@@ -5,7 +5,7 @@ menu "ESP HTTP client"
         bool "Enable https"
         default y
         help
-            This option will enable https protocol by linking mbedtls library and initializing SSL transport
+            This option will enable https protocol by linking esp-tls library and initializing SSL transport
 
     config ESP_HTTP_CLIENT_ENABLE_BASIC_AUTH
         bool "Enable HTTP Basic Authentication"
diff --git a/components/esp_http_client/lib/http_auth.c b/components/esp_http_client/lib/http_auth.c
index d89ccfec8d..2ed724e16d 100644
--- a/components/esp_http_client/lib/http_auth.c
+++ b/components/esp_http_client/lib/http_auth.c
@@ -20,7 +20,7 @@
 #include "esp_netif.h"
 #include "lwip/sockets.h"
 #include "esp_rom_md5.h"
-#include "mbedtls/base64.h"
+#include "esp_tls_crypto.h"
 
 #include "esp_system.h"
 #include "esp_log.h"
@@ -140,11 +140,11 @@ char *http_auth_basic(const char *username, const char *password)
     size_t n = 0;
     asprintf(&user_info, "%s:%s", username, password);
     HTTP_MEM_CHECK(TAG, user_info, return NULL);
-    mbedtls_base64_encode(NULL, 0, &n, (const unsigned char *)user_info, strlen(user_info));
+    esp_crypto_base64_encode(NULL, 0, &n, (const unsigned char *)user_info, strlen(user_info));
     digest = calloc(1, 6 + n + 1);
     HTTP_MEM_CHECK(TAG, digest, goto _basic_exit);
     strcpy(digest, "Basic ");
-    mbedtls_base64_encode((unsigned char *)digest + 6, n, (size_t *)&out, (const unsigned char *)user_info, strlen(user_info));
+    esp_crypto_base64_encode((unsigned char *)digest + 6, n, (size_t *)&out, (const unsigned char *)user_info, strlen(user_info));
 _basic_exit:
     free(user_info);
     return digest;
diff --git a/components/tcp_transport/transport_ws.c b/components/tcp_transport/transport_ws.c
index d2ea9648ba..7a532857f1 100644
--- a/components/tcp_transport/transport_ws.c
+++ b/components/tcp_transport/transport_ws.c
@@ -8,10 +8,9 @@
 #include "esp_transport_tcp.h"
 #include "esp_transport_ws.h"
 #include "esp_transport_utils.h"
-#include "mbedtls/base64.h"
-#include "mbedtls/sha1.h"
 #include "esp_transport_internal.h"
 #include "errno.h"
+#include "esp_tls_crypto.h"
 
 static const char *TAG = "TRANSPORT_WS";
 
@@ -118,7 +117,7 @@ static int ws_connect(esp_transport_handle_t t, const char *host, int port, int
     const char *user_agent_ptr = (ws->user_agent)?(ws->user_agent):"ESP32 Websocket Client";
 
     size_t outlen = 0;
-    mbedtls_base64_encode(client_key, sizeof(client_key), &outlen, random_key, sizeof(random_key));
+    esp_crypto_base64_encode(client_key, sizeof(client_key), &outlen, random_key, sizeof(random_key));
     int len = snprintf(ws->buffer, WS_BUFFER_SIZE,
                          "GET %s HTTP/1.1\r\n"
                          "Connection: Upgrade\r\n"
@@ -183,7 +182,7 @@ static int ws_connect(esp_transport_handle_t t, const char *host, int port, int
         return -1;
     }
 
-    // See mbedtls_sha1_ret() arg size
+    // See esp_crypto_sha1() arg size
     unsigned char expected_server_sha1[20];
     // Size of base64 coded string see above
     unsigned char expected_server_key[33] = {0};
@@ -194,8 +193,8 @@ static int ws_connect(esp_transport_handle_t t, const char *host, int port, int
     strcat((char*)expected_server_text, expected_server_magic);
 
     size_t key_len = strlen((char*)expected_server_text);
-    mbedtls_sha1_ret(expected_server_text, key_len, expected_server_sha1);
-    mbedtls_base64_encode(expected_server_key, sizeof(expected_server_key),  &outlen, expected_server_sha1, sizeof(expected_server_sha1));
+    esp_crypto_sha1(expected_server_text, key_len, expected_server_sha1);
+    esp_crypto_base64_encode(expected_server_key, sizeof(expected_server_key),  &outlen, expected_server_sha1, sizeof(expected_server_sha1));
     expected_server_key[ (outlen < sizeof(expected_server_key)) ? outlen : (sizeof(expected_server_key) - 1) ] = 0;
     ESP_LOGD(TAG, "server key=%s, send_key=%s, expected_server_key=%s", (char *)server_key, (char*)client_key, expected_server_key);
     if (strcmp((char*)expected_server_key, (char*)server_key) != 0) {