diff --git a/components/esp-tls/esp_tls_mbedtls.c b/components/esp-tls/esp_tls_mbedtls.c
index 1806757594..e719e472e8 100644
--- a/components/esp-tls/esp_tls_mbedtls.c
+++ b/components/esp-tls/esp_tls_mbedtls.c
@@ -113,11 +113,8 @@ esp_err_t esp_create_mbedtls_handle(const char *hostname, size_t hostlen, const
 #endif
 #ifdef CONFIG_MBEDTLS_SSL_PROTO_TLS1_3
- // NOTE: Mbed TLS currently supports only client-side config with TLS 1.3
- if (tls->role != ESP_TLS_SERVER) {
- mbedtls_ssl_conf_min_version(&tls->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4);
- mbedtls_ssl_conf_max_version(&tls->conf, MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_4);
- }
+ mbedtls_ssl_conf_min_tls_version(&tls->conf, MBEDTLS_SSL_VERSION_TLS1_3);
+ mbedtls_ssl_conf_max_tls_version(&tls->conf, MBEDTLS_SSL_VERSION_TLS1_3);
 #endif
 if ((ret = mbedtls_ssl_setup(&tls->ssl, &tls->conf)) != 0) {
diff --git a/components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c b/components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c
index 575a59e458..28685b912f 100644
--- a/components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c
+++ b/components/wpa_supplicant/esp_supplicant/src/crypto/tls_mbedtls.c
@@ -196,7 +196,7 @@ static int set_ca_cert(tls_context_t *tls, const unsigned char *cacert, size_t c
 }
 #ifdef CONFIG_SUITEB192
-static int tls_sig_hashes_for_suiteb[] = {
+static uint16_t tls_sig_algs_for_suiteb[] = {
 #if defined(MBEDTLS_SHA512_C)
 MBEDTLS_MD_SHA512,
 MBEDTLS_MD_SHA384,
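Review bot: The unconditional min/max pin added under `CONFIG_MBEDTLS_SSL_PROTO_TLS1_3` in esp_create_mbedtls_handle needs a comment saying that both client and server handles now accept TLS 1.3 only. The removed guard and its note recorded that server-side TLS 1.3 was not supported by Mbed TLS. With the guard gone, a server built with this option will reject every TLS 1.2 client, and it presumably depends on the linked Mbed TLS providing TLS 1.3 server support, which the hunk does not show. I would add `// TLS 1.3 only for both roles: no TLS 1.2 fallback, peers that cannot negotiate 1.3 fail the handshake` above the two calls, and confirm that the server-side restriction is intended. The function starts and ends outside this hunk.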
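Review bot: In the tls_mbedtls.c hunk at @@ -196, `tls_sig_algs_for_suiteb` is retyped to `uint16_t` and renamed, but the entries visible in the context lines are still hash identifiers (`MBEDTLS_MD_SHA512`, `MBEDTLS_MD_SHA384`). `mbedtls_ssl_conf_sig_algs` expects 16-bit signature-scheme values such as `MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384`, with the list terminated by `MBEDTLS_TLS1_3_SIG_NONE`. Small `mbedtls_md_type_t` numbers match no real scheme, so the Suite B restriction would either not be enforced or would break the handshake. The same applies to `tls_sig_algs_for_eap` in the @@ -220 hunk. The rest of both arrays, including their terminators, lies outside the hunks, so please check the full initialisers.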
@@ -220,11 +220,11 @@ static void tls_set_suiteb_config(tls_context_t *tls)
 {
 const mbedtls_x509_crt_profile *crt_profile = &suiteb_mbedtls_x509_crt_profile;
 mbedtls_ssl_conf_cert_profile(&tls->conf, crt_profile);
- mbedtls_ssl_conf_sig_hashes(&tls->conf, tls_sig_hashes_for_suiteb);
+ mbedtls_ssl_conf_sig_algs(&tls->conf, tls_sig_algs_for_suiteb);
 }
 #endif
-static int tls_sig_hashes_for_eap[] = {
+static uint16_t tls_sig_algs_for_eap[] = {
 #if defined(MBEDTLS_SHA512_C)
 MBEDTLS_MD_SHA512,
 MBEDTLS_MD_SHA384,
@@ -262,7 +262,7 @@ static void tls_enable_sha1_config(tls_context_t *tls)
 {
 const mbedtls_x509_crt_profile *crt_profile = &eap_mbedtls_x509_crt_profile;
 mbedtls_ssl_conf_cert_profile(&tls->conf, crt_profile);
- mbedtls_ssl_conf_sig_hashes(&tls->conf, tls_sig_hashes_for_eap);
+ mbedtls_ssl_conf_sig_algs(&tls->conf, tls_sig_algs_for_eap);
 }
 static const int eap_ciphersuite_preference[] =
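Review bot: In the @@ -220 hunk, `tls_sig_algs_for_eap` (and `tls_sig_algs_for_suiteb` in the earlier hunk) should be declared `const`, matching `eap_ciphersuite_preference` in the last context line: `static const uint16_t tls_sig_algs_for_eap[] = {`. `mbedtls_ssl_conf_sig_algs` takes a `const uint16_t *` and, as far as I know, stores the pointer rather than copying the list. A read-only table therefore cannot be altered at run time while a configuration still refers to it. A one-line comment above each array naming the value space it holds and its terminator would also help; the array bodies continue outside the hunk.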