diff --git a/samples/crypto/psa_tls/overlays/cc3xx-oberon-psa.conf b/samples/crypto/psa_tls/overlays/cc3xx-oberon-psa.conf
index f939be6e7272..ef83d856c09a 100644
--- a/samples/crypto/psa_tls/overlays/cc3xx-oberon-psa.conf
+++ b/samples/crypto/psa_tls/overlays/cc3xx-oberon-psa.conf
@@ -19,5 +19,8 @@ CONFIG_PSA_WANT_ALG_ECDH=y
 CONFIG_PSA_WANT_ALG_ECDSA=y
 CONFIG_PSA_WANT_ECC_SECP_R1_256=y
 
+CONFIG_MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE=y
+# CONFIG_MBEDTLS_SSL_TLS_1_3_COMPATIBILITY_MODE=y
 CONFIG_MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED=y
-CONFIG_MBEDTLS_DEBUG=y
+CONFIG_MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED=y
+CONFIG_MBEDTLS_DEBUG=n
diff --git a/samples/crypto/psa_tls/src/main.c b/samples/crypto/psa_tls/src/main.c
index 40ac218b870d..e9b4f64595f0 100644
--- a/samples/crypto/psa_tls/src/main.c
+++ b/samples/crypto/psa_tls/src/main.c
@@ -50,12 +50,12 @@ int main(void)
 		return APP_ERROR;
 	}
 #endif
-/*
+
 	err = tls_set_credentials();
 	if (err < 0) {
 		return APP_ERROR;
 	}
-*/
+
 	err = tls_set_preshared_key();
 	if (err < 0) {
 		return APP_ERROR;
diff --git a/samples/crypto/psa_tls/src/psa_tls_functions_client.c b/samples/crypto/psa_tls/src/psa_tls_functions_client.c
index 0e2a71bc1497..55862d1e7a0f 100644
--- a/samples/crypto/psa_tls/src/psa_tls_functions_client.c
+++ b/samples/crypto/psa_tls/src/psa_tls_functions_client.c
@@ -34,7 +34,7 @@ static int setup_tls_client_socket(void)
 
 	/* List of security tags to register. */
 	sec_tag_t sec_tag_list[] = {
-		//CA_CERTIFICATE_TAG,
+		CA_CERTIFICATE_TAG,
 		PSK_TAG,
 	};
 
diff --git a/subsys/nrf_security/Kconfig.tls b/subsys/nrf_security/Kconfig.tls
index 952d6efe9bb6..06c71dcbbdc5 100644
--- a/subsys/nrf_security/Kconfig.tls
+++ b/subsys/nrf_security/Kconfig.tls
@@ -267,7 +267,7 @@ config MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
 	  reduces RAM usage.
 	  Corresponds to MBEDTLS_SSL_KEEP_PEER_CERTIFICATE in mbed TLS config file.
 
-config MBEDTLS_SSL_TLS_1_3_COMPATIBILITY_MODE
+config MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 	bool
 	prompt "Give acces to peer certificate after handshake"
 	default n
diff --git a/subsys/nrf_security/cmake/nrf_config.cmake b/subsys/nrf_security/cmake/nrf_config.cmake
index fd17c6c5bef8..d33351b7b02e 100644
--- a/subsys/nrf_security/cmake/nrf_config.cmake
+++ b/subsys/nrf_security/cmake/nrf_config.cmake
@@ -111,7 +111,7 @@ if (NOT MBEDTLS_PSA_CRYPTO_SPM)
   kconfig_check_and_set_base(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED)
   kconfig_check_and_set_base(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
   kconfig_check_and_set_base(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
-  kconfig_check_and_set_base(MBEDTLS_SSL_TLS_1_3_COMPATIBILITY_MODE)
+  kconfig_check_and_set_base(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
   kconfig_check_and_set_base(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
   kconfig_check_and_set_base(MBEDTLS_SSL_PROTO_DTLS)
   kconfig_check_and_set_base(MBEDTLS_SSL_ALPN)
diff --git a/subsys/nrf_security/configs/nrf-config.h.template b/subsys/nrf_security/configs/nrf-config.h.template
index cef0300f360a..592b7361f6c3 100644
--- a/subsys/nrf_security/configs/nrf-config.h.template
+++ b/subsys/nrf_security/configs/nrf-config.h.template
@@ -121,7 +121,7 @@
 #cmakedefine MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 #cmakedefine MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
 #cmakedefine MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED
-#cmakedefine MBEDTLS_SSL_TLS_1_3_COMPATIBILITY_MODE
+#cmakedefine MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 #cmakedefine MBEDTLS_SSL_PROTO_DTLS
 #cmakedefine MBEDTLS_SSL_ALPN
 #cmakedefine MBEDTLS_SSL_DTLS_ANTI_REPLAY