diff --git a/components/esp-tls/esp_tls.c b/components/esp-tls/esp_tls.c
index c3f025e91b..0f5ced694d 100644
--- a/components/esp-tls/esp_tls.c
+++ b/components/esp-tls/esp_tls.c
@@ -40,6 +40,7 @@ static const char *TAG = "esp-tls";
 #define _esp_tls_conn_delete                esp_mbedtls_conn_delete
 #define _esp_tls_net_init                   esp_mbedtls_net_init
 #define _esp_tls_get_client_session         esp_mbedtls_get_client_session
+#define _esp_tls_free_client_session        esp_mbedtls_free_client_session
 #define _esp_tls_get_ssl_context            esp_mbedtls_get_ssl_context
 #ifdef CONFIG_ESP_TLS_SERVER
 #define _esp_tls_server_session_create      esp_mbedtls_server_session_create
@@ -564,6 +565,11 @@ esp_tls_client_session_t *esp_tls_get_client_session(esp_tls_t *tls)
 {
     return _esp_tls_get_client_session(tls);
 }
+
+void esp_tls_free_client_session(esp_tls_client_session_t *client_session)
+{
+    _esp_tls_free_client_session(client_session);
+}
 #endif /* CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS */
 
 
diff --git a/components/esp-tls/esp_tls.h b/components/esp-tls/esp_tls.h
index d46e733782..4156f5613d 100644
--- a/components/esp-tls/esp_tls.h
+++ b/components/esp-tls/esp_tls.h
@@ -633,6 +633,16 @@ esp_err_t esp_tls_plain_tcp_connect(const char *host, int hostlen, int port, con
  *             NULL     on Failure
  */
 esp_tls_client_session_t *esp_tls_get_client_session(esp_tls_t *tls);
+
+/**
+ * @brief Free the client session
+ *
+ * This function should be called after esp_tls_get_client_session().
+ *
+ * @param[in]  client_session context as esp_tls_client_session_t
+ *
+ */
+void esp_tls_free_client_session(esp_tls_client_session_t *client_session);
 #endif /* CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS */
 #ifdef __cplusplus
 }
diff --git a/components/esp-tls/esp_tls_mbedtls.c b/components/esp-tls/esp_tls_mbedtls.c
index c870f85f25..7cd07bc562 100644
--- a/components/esp-tls/esp_tls_mbedtls.c
+++ b/components/esp-tls/esp_tls_mbedtls.c
@@ -174,6 +174,14 @@ esp_tls_client_session_t *esp_mbedtls_get_client_session(esp_tls_t *tls)
 
     return client_session;
 }
+
+void esp_mbedtls_free_client_session(esp_tls_client_session_t *client_session)
+{
+    if (client_session) {
+        mbedtls_ssl_session_free(&(client_session->saved_session));
+        free(client_session);
+    }
+}
 #endif /* CONFIG_ESP_TLS_CLIENT_SESSION_TICKETS */
 
 int esp_mbedtls_handshake(esp_tls_t *tls, const esp_tls_cfg_t *cfg)
diff --git a/components/esp-tls/private_include/esp_tls_mbedtls.h b/components/esp-tls/private_include/esp_tls_mbedtls.h
index da94f4b2a5..3eb46a0807 100644
--- a/components/esp-tls/private_include/esp_tls_mbedtls.h
+++ b/components/esp-tls/private_include/esp_tls_mbedtls.h
@@ -110,6 +110,11 @@ esp_err_t set_client_config(const char *hostname, size_t hostlen, esp_tls_cfg_t
  * Internal Callback for mbedtls_get_client_session
  */
 esp_tls_client_session_t *esp_mbedtls_get_client_session(esp_tls_t *tls);
+
+/**
+ * Internal Callback for mbedtls_free_client_session
+ */
+void esp_mbedtls_free_client_session(esp_tls_client_session_t *client_session);
 #endif
 
 /**
diff --git a/examples/protocols/https_request/main/https_request_example_main.c b/examples/protocols/https_request/main/https_request_example_main.c
index ad532f3e17..86ab25ded8 100644
--- a/examples/protocols/https_request/main/https_request_example_main.c
+++ b/examples/protocols/https_request/main/https_request_example_main.c
@@ -85,7 +85,7 @@ extern const uint8_t local_server_cert_pem_start[] asm("_binary_local_server_cer
 extern const uint8_t local_server_cert_pem_end[]   asm("_binary_local_server_cert_pem_end");
 
 #ifdef CONFIG_EXAMPLE_CLIENT_SESSION_TICKETS
-esp_tls_client_session_t *tls_client_session = NULL;
+static esp_tls_client_session_t *tls_client_session = NULL;
 static bool save_client_session = false;
 #endif
 
@@ -110,7 +110,7 @@ static void https_get_request(esp_tls_cfg_t cfg, const char *WEB_SERVER_URL, con
 #ifdef CONFIG_EXAMPLE_CLIENT_SESSION_TICKETS
     /* The TLS session is successfully established, now saving the session ctx for reuse */
     if (save_client_session) {
-        free(tls_client_session);
+        esp_tls_free_client_session(tls_client_session);
         tls_client_session = esp_tls_get_client_session(tls);
     }
 #endif
@@ -220,7 +220,7 @@ static void https_get_request_using_already_saved_session(const char *url)
         .client_session = tls_client_session,
     };
     https_get_request(cfg, url, LOCAL_SRV_REQUEST);
-    free(tls_client_session);
+    esp_tls_free_client_session(tls_client_session);
     save_client_session = false;
     tls_client_session = NULL;
 }