diff --git a/library/ssl_client.c b/library/ssl_client.c
index 8e4e9688f..afe07e815 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -899,6 +899,9 @@ int mbedtls_ssl_write_client_hello( mbedtls_ssl_context *ssl )
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_DTLS */
 {
+ mbedtls_ssl_add_hs_hdr_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
+ msg_len );
+ ssl->handshake->update_checksum( ssl, buf, msg_len - binders_len );
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
 defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
 if( binders_len > 0 )
@@ -907,10 +910,10 @@ int mbedtls_ssl_write_client_hello( mbedtls_ssl_context *ssl )
 mbedtls_ssl_tls13_write_pre_shared_key_ext_binders(
 ssl, buf + msg_len - binders_len, buf + msg_len ) );
 }
+ ssl->handshake->update_checksum( ssl, buf + msg_len - binders_len,
+ binders_len );
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
- mbedtls_ssl_add_hs_msg_to_checksum( ssl, MBEDTLS_SSL_HS_CLIENT_HELLO,
- buf, msg_len );
 MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg( ssl,
 buf_len,
 msg_len ) );
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 30c3c3a64..f55dede2a 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -1336,6 +1336,9 @@ int mbedtls_ssl_write_finished( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
 const mbedtls_ssl_ciphersuite_t *ciphersuite_info );
+void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl,
+ unsigned hs_type,
+ size_t total_hs_len );
 /*
 * Update checksum of handshake messages.
 */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index e60b82fa5..5a72fede4 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
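Review bot: The split of the ClientHello transcript update into header, body-up-to-the-binders and, further down, the binders themselves is the point of this change, yet nothing in the hunk says so, and a later cleanup could fold the calls back into one `mbedtls_ssl_add_hs_msg_to_checksum` call and silently compute the PSK binders over the wrong transcript. I would put a comment above the new `mbedtls_ssl_add_hs_hdr_to_checksum` call: `/* Hash the header and the body up to the binders first: the binders are computed over this partial ClientHello (RFC 8446 4.2.11.2) and are hashed separately once written. */`. `msg_len - binders_len` is now evaluated outside the TLS 1.3 PSK `#if`, so `binders_len` must be declared and zero in every configuration; its declaration is outside the hunk, so please confirm. `mbedtls_ssl_write_client_hello` starts before the hunk.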
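Review bot: The trailing `ssl->handshake->update_checksum( ssl, buf + msg_len - binders_len, binders_len )` runs even when `binders_len` is 0, which is an empty hash update; moving it inside the `if( binders_len > 0 )` block, directly after the binders are written, keeps the write-then-hash pairing visible and skips the no-op. If it stays where it is, a one-line comment such as `/* The binders were derived from the checksum state above, so they are hashed only after being written. */` would record why the order must not change, assuming the binder writer reads the running checksum (its body is in ssl_tls13_client.c, outside this hunk). The enclosing function continues past the hunk.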
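Review bot: The newly exported `mbedtls_ssl_add_hs_hdr_to_checksum` prototype has no documentation, although it now has callers in another file and its contract is easy to get wrong. A short Doxygen comment should state that it feeds only the handshake header for `hs_type` and `total_hs_len` into the running handshake checksum (the 4-byte header buffer is visible in the ssl_tls.c hunk), that the body must be hashed separately through `ssl->handshake->update_checksum`, and that `total_hs_len` is the full message length even when the body is hashed in pieces, as ssl_client.c now does for a ClientHello with binders. The definition's encoding of the length field is outside the hunk, so check it before describing it.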
@@ -532,9 +532,9 @@ void mbedtls_ssl_optimize_checksum( mbedtls_ssl_context *ssl,
 }
 }
-static void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl,
- unsigned hs_type,
- size_t total_hs_len )
+void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl,
+ unsigned hs_type,
+ size_t total_hs_len )
 {
 unsigned char hs_hdr[4];
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 6e82631f9..43a84867f 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -810,6 +810,8 @@ int mbedtls_ssl_tls13_write_pre_shared_key_ext_binders(
 {
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 unsigned char *p = buf;
+ const unsigned char *psk_identity;
+ size_t psk_identity_len;
 const mbedtls_ssl_ciphersuite_t *ciphersuite_info = NULL;
 psa_algorithm_t psa_hash_alg;
 int hash_len = 0;
@@ -819,6 +821,12 @@ int mbedtls_ssl_tls13_write_pre_shared_key_ext_binders(
 unsigned char transcript[MBEDTLS_MD_MAX_SIZE];
 size_t transcript_len;
+ if( mbedtls_ssl_get_psk_to_offer( ssl, &psk_type, &psk, &psk_len,
+ &psk_identity, &psk_identity_len ) != 0 )
+ {
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
 ciphersuite_info = mbedtls_ssl_ciphersuite_from_id(
 ssl->session_negotiate->ciphersuite );
 if( ciphersuite_info == NULL )
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index ec2ac69b1..b8b377e7f 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
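Review bot: The new guard returns `MBEDTLS_ERR_SSL_INTERNAL_ERROR` without any diagnostic; the debug strings the new ssl-opt.sh tests match on suggest this function already logs through `MBEDTLS_SSL_DEBUG_MSG`, so add e.g. `MBEDTLS_SSL_DEBUG_MSG( 1, ( "no PSK to offer when writing binders" ) );` before the `return`. A comment should also say why this is an internal rather than a configuration error: ssl_client.c only calls this function when `binders_len > 0`, i.e. after a PSK identity was already written into the ClientHello, so the PSK being gone here can only be a state bug. `psk_identity` and `psk_identity_len` are filled in but not read anywhere in the hunk; if the rest of the function (outside the hunk) does not use them, note that they only satisfy the getter's signature so a future cleanup does not drop the call. `psk_type`, `psk` and `psk_len` are declared outside the hunk, and the function continues beyond it.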
@@ -11998,6 +11998,37 @@ run_test "TLS 1.3, default suite, PSK" \
 -c "client hello, adding PSK binder list" \
 -c "<= write client hello"
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3, default suite, PSK - openssl" \
+ "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
+ "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk force_ciphersuite=TLS1-3-AES-128-GCM-SHA256" \
+ 1 \
+ -c "=> write client hello" \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "<= write client hello"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_gnutls_tls1_3
+requires_gnutls_next_no_ticket
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3, default suite, PSK - gnutls" \
+ "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK:+CIPHER-ALL:%NO_TICKETS --pskhint=0a0b0c" \
+ "$P_CLI debug_level=4 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk force_ciphersuite=TLS1-3-AES-128-GCM-SHA256" \
+ 1 \
+ -c "=> write client hello" \
+ -c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
+ -c "client hello, adding psk_key_exchange_modes extension" \
+ -c "client hello, adding PSK binder list" \
+ -c "<= write client hello"
+
 for i in opt-testcases/*.sh
 do
 TEST_SUITE_NAME=${i##*/}
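Review bot: Both new tests expect client exit code `1` and check only `-c` patterns from the client's ClientHello logging, so they assert a failed handshake and never verify that the server accepted the ClientHello or its binder; a wrong binder passes just as well. Presumably the `1` reflects the TLS 1.3 PSK handshake not yet completing on the client side; a comment above each test, `# Expected to fail for now: only ClientHello writing is checked. Switch to 0 once the PSK handshake completes.`, makes that explicit and tells the next person to flip it. The gnutls server gets `--pskhint=0a0b0c` but no `--pskpasswd` credentials file, so it likely cannot complete a PSK handshake either. Adding an `-s` pattern showing the server parsed the pre_shared_key extension (the exact text depends on openssl `-msg` / gnutls `-d 4` output) would make the binder check end to end once the handshake works.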