diff --git a/ChangeLog.d/ssl_get_version_1_3.txt b/ChangeLog.d/ssl_get_version_1_3.txt
new file mode 100644
index 000000000..4436522b6
--- /dev/null
+++ b/ChangeLog.d/ssl_get_version_1_3.txt
@@ -0,0 +1,2 @@
+Bugfix
+   * Fix mbedtls_ssl_get_version() not reporting TLSv1.3. Fixes #5406.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 436e15c14..adb18ab6c 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2241,7 +2241,8 @@ const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl )
     {
         case MBEDTLS_SSL_MINOR_VERSION_3:
             return( "TLSv1.2" );
-
+        case MBEDTLS_SSL_MINOR_VERSION_4:
+            return( "TLSv1.3" );
         default:
             return( "unknown" );
     }
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index dd05716ed..0548c14ba 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -9668,6 +9668,7 @@ run_test    "TLS 1.3: minimal feature sets - openssl" \
             -c "<= parse certificate verify"          \
             -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
             -c "<= parse finished message" \
+            -c "Protocol is TLSv1.3" \
             -c "HTTP/1.0 200 ok"
 
 requires_gnutls_tls1_3