diff --git a/components/wpa_supplicant/src/eap_peer/eap_tls_common.c b/components/wpa_supplicant/src/eap_peer/eap_tls_common.c
index b3ebfa7362..60ef6096bd 100644
--- a/components/wpa_supplicant/src/eap_peer/eap_tls_common.c
+++ b/components/wpa_supplicant/src/eap_peer/eap_tls_common.c
@@ -616,6 +616,8 @@ int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
 		 */
 		int res = eap_tls_process_input(sm, data, in_data, in_len,
 						out_data);
+		char buf[20];
+
 		if (res) {
 			/*
 			 * Input processing failed (res = -1) or more data is
@@ -628,6 +630,12 @@ int eap_peer_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data,
 		 * The incoming message has been reassembled and processed. The
 		 * response was allocated into data->tls_out buffer.
 		 */
+
+		if (tls_get_version(data->ssl_ctx, data->conn,
+				    buf, sizeof(buf)) == 0) {
+			wpa_printf(MSG_DEBUG, "SSL: Using TLS version %s", buf);
+			data->tls_v13 = os_strcmp(buf, "TLSv1.3") == 0;
+		}
 	}
 
 	if (data->tls_out == NULL) {
diff --git a/components/wpa_supplicant/src/eap_peer/eap_tls_common.h b/components/wpa_supplicant/src/eap_peer/eap_tls_common.h
index 50390c4ce0..fea1458ee9 100644
--- a/components/wpa_supplicant/src/eap_peer/eap_tls_common.h
+++ b/components/wpa_supplicant/src/eap_peer/eap_tls_common.h
@@ -78,6 +78,11 @@ struct eap_ssl_data {
 	 * client_cert_conf: Whether client certificate has been configured
 	 */
 	bool client_cert_conf;
+
+	/**
+	 * tls_v13 - Whether TLS v1.3 or newer is used
+	 */
+	int tls_v13;
 };