diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index f1d16bc60..080474613 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -802,11 +802,23 @@ typedef struct mbedtls_ssl_flight_item mbedtls_ssl_flight_item;
 #endif
 #if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C)
-#define MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN 0
-#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT 1
-#define MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED 2
-#define MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED 3
+#define MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN 0
+#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT 1
+#define MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT 2
+#define MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED 3
+#define MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED 4
 #endif
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
+
+typedef enum
+{
+ MBEDTLS_SSL_TICKET_ALLOW_EARLY_DATA = 1,
+ MBEDTLS_SSL_TICKET_ALLOW_DHE_RESUMPTION = 2,
+ MBEDTLS_SSL_TICKET_ALLOW_PSK_RESUMPTION = 4,
+} mbedtls_ssl_ticket_flags;
+
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */
 /**
 * \brief Callback type: server-side session cache getter
 *
@@ -1790,9 +1802,6 @@ struct mbedtls_ssl_context
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 #if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C)
- /*
- * early data request status
- */
 int MBEDTLS_PRIVATE(early_data_status);
 #endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_CLI_C */
diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h
index 4412f8e21..9efbbbcd2 100644
--- a/library/ssl_debug_helpers.h
+++ b/library/ssl_debug_helpers.h
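Review bot: The `@@ -802` hunk in include/mbedtls/ssl.h renumbers two existing status values (`MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED` 2→3, `MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED` 3→4) to make room for `INDICATION_SENT`, and none of the new names is documented. Anything that compares `early_data_status` against a literal, or was built against the old header, would now read the old "rejected" value as "indication sent"; either append the new value at the end or state in a comment that only the symbolic names are stable. I would also put a comment such as `/* Bit flags, OR-ed together in the session's ticket_flags */` above `mbedtls_ssl_ticket_flags`, since the values 1/2/4 are combined with `|=` elsewhere in this commit and a combination is not one of the enumerators.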
@@ -33,6 +33,11 @@ const char *mbedtls_ssl_states_str( mbedtls_ssl_states in );
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
+const char *mbedtls_ssl_ticket_flags_str( mbedtls_ssl_ticket_flags in );
+#endif /* defined(MBEDTLS_SSL_PROTO_TLS1_3) &&
+ defined(MBEDTLS_SSL_SESSION_TICKETS) */
+
 const char *mbedtls_ssl_protocol_version_str( mbedtls_ssl_protocol_version in );
 const char *mbedtls_tls_prf_types_str( mbedtls_tls_prf_types in );
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 581e1534c..342cabb3a 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -991,13 +991,6 @@ struct mbedtls_ssl_handshake_params
 } tls13_master_secrets;
 mbedtls_ssl_tls13_handshake_secrets tls13_hs_secrets;
-
-#if defined(MBEDTLS_SSL_EARLY_DATA)
- int early_data; /*!< Early data indication:
- * 0 -- MBEDTLS_SSL_EARLY_DATA_DISABLED (for no early data), and
- * 1 -- MBEDTLS_SSL_EARLY_DATA_ENABLED (for use early data)
- */
-#endif /* MBEDTLS_SSL_EARLY_DATA */
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index b539f8ff4..46c7c4589 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -705,8 +705,8 @@ static int ssl_tls13_early_data_has_valid_ticket( mbedtls_ssl_context *ssl )
 {
 mbedtls_ssl_session *session = ssl->session_negotiate;
 return( ssl->handshake->resume &&
- session != NULL && session->ticket != NULL &&
 session->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 &&
+ ( session->ticket_flags & MBEDTLS_SSL_TICKET_ALLOW_EARLY_DATA ) &&
 mbedtls_ssl_tls13_cipher_suite_is_offered( ssl, session->ciphersuite ) );
 }
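Review bot: In `ssl_tls13_early_data_has_valid_ticket` the `session != NULL && session->ticket != NULL` test is removed, but the remaining lines still dereference `session->tls_version`, `session->ticket_flags` and `session->ciphersuite`. That is only safe if `ssl->handshake->resume` can never be set while `ssl->session_negotiate` is NULL, which this diff does not show. I would keep `session != NULL &&` ahead of the version test, or add a comment stating the invariant so a later change to resumption handling cannot turn this into a NULL dereference. The function's signature is visible only in the hunk header.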
@@ -1174,11 +1174,7 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_SSL_EARLY_DATA)
 if( mbedtls_ssl_conf_tls13_some_psk_enabled( ssl ) &&
- ( mbedtls_ssl_conf_has_static_psk( ssl->conf ) == 1
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- || ssl_tls13_early_data_has_valid_ticket( ssl )
-#endif
- ) &&
+ ssl_tls13_early_data_has_valid_ticket( ssl ) &&
 ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED )
 {
 ret = mbedtls_ssl_tls13_write_early_data_ext( ssl, p, end, &ext_len );
@@ -1186,15 +1182,14 @@ int mbedtls_ssl_tls13_write_client_hello_exts( mbedtls_ssl_context *ssl,
 return( ret );
 p += ext_len;
- ssl->handshake->early_data = MBEDTLS_SSL_EARLY_DATA_ON;
- /* Initializes the status to `rejected`. Changes it to `accepted`
+ /* Initializes the status to `indication sent`. Changes it to `accepted`
 * when `early_data` is received in EncryptedExtesion. */
- ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED;
+ ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_INDICATION_SENT;
 }
 else
 {
 MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write early_data extension" ) );
- ssl->handshake->early_data = MBEDTLS_SSL_EARLY_DATA_OFF;
+ ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT;
 }
 #endif /* MBEDTLS_SSL_EARLY_DATA */
@@ -2543,6 +2538,13 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl,
 switch( extension_type )
 {
+ case MBEDTLS_TLS_EXT_EARLY_DATA:
+ MBEDTLS_SSL_DEBUG_MSG( 4, ( "early_data extension received" ) );
+ if( extension_data_len == 4 && ssl->session != NULL)
+ ssl->session->ticket_flags |=
+ MBEDTLS_SSL_TICKET_ALLOW_EARLY_DATA;
+ break;
+
 default:
 MBEDTLS_SSL_PRINT_EXT( 3, MBEDTLS_SSL_HS_NEW_SESSION_TICKET,
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 868de81d2..b6c3982d8 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
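Review bot: In `mbedtls_ssl_tls13_write_client_hello_exts` (hunk `@@ -1174`) the call to `ssl_tls13_early_data_has_valid_ticket( ssl )` is no longer wrapped in `#if defined(MBEDTLS_SSL_SESSION_TICKETS)`, while `MBEDTLS_SSL_TICKET_ALLOW_EARLY_DATA` is defined in ssl.h only when `MBEDTLS_SSL_PROTO_TLS1_3` and `MBEDTLS_SSL_SESSION_TICKETS` are both set. Unless the build configuration already forbids `MBEDTLS_SSL_EARLY_DATA` without session tickets (not visible here), that combination would stop compiling, so the dependency should be enforced by a configuration check or by restoring the guard. The change also stops offering early data for a static PSK, which deserves a comment such as `/* Early data is only offered with a ticket that carries the early-data flag. */`. The function body begins and ends outside the hunk.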
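Review bot: With the initial status changed from `REJECTED` to `INDICATION_SENT` in the `@@ -1186` hunk, a server that omits `early_data` from EncryptedExtensions no longer leaves the client in the rejected state by default, and nothing in this diff assigns `MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED`. If that transition is not made elsewhere, a caller waiting for the rejected status in order to resend the data as ordinary application data would never see it. The comment should describe both outcomes, for example `/* Set to "indication sent"; becomes "accepted" if EncryptedExtensions carries early_data, otherwise it must be set to "rejected". */`, which also fixes the `EncryptedExtesion` typo.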
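Review bot: The new `MBEDTLS_TLS_EXT_EARLY_DATA` case in `ssl_tls13_parse_new_session_ticket_exts` silently ignores an extension whose length is not 4, where a malformed NewSessionTicket extension should end the connection with a decode error. The four bytes are the ticket's `max_early_data_size`, and they are neither read nor stored, so the client has no limit to enforce when it later sends early data under this ticket. The flag is also only ever OR-ed in; if `ticket_flags` is not reset when a new ticket replaces the old one (not visible here), a stale early-data permission could carry over. The sketch below rejects the bad length and leaves storing the size to a follow-up; the function body extends beyond the hunk.

```c
case MBEDTLS_TLS_EXT_EARLY_DATA:
    /* … unchanged: debug message … */
    /* The extension body is a single uint32 max_early_data_size. */
    if( extension_data_len != 4 )
    {
        MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR,
                                      MBEDTLS_ERR_SSL_DECODE_ERROR );
        return( MBEDTLS_ERR_SSL_DECODE_ERROR );
    }
    if( ssl->session != NULL )
        ssl->session->ticket_flags |= MBEDTLS_SSL_TICKET_ALLOW_EARLY_DATA;
    break;
```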
@@ -13042,15 +13042,15 @@ run_test "TLS 1.3: NewSessionTicket: servername negative check, m->m" \
 -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET" \
 -s "server state: MBEDTLS_SSL_NEW_SESSION_TICKET_FLUSH"
-requires_openssl_next
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_gnutls_tls1_3
 requires_config_enabled MBEDTLS_DEBUG_C
-requires_config_enabled MBEDTLS_SSL_SRV_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
-requires_config_enabled MBEDTLS_SSL_EARLY_DATA
-run_test "TLS 1.3, ext PSK, early data" \
- "$O_NEXT_SRV_EARLY_DATA -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex -nocert" \
- "$P_CLI debug_level=5 force_version=tls13 tls13_kex_modes=psk early_data=1 psk=010203 psk_identity=0a0b0c" \
+requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3: NewSessionTicket: early data, m->G" \
+ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+PSK --earlydata --disable-client-cert" \
+ "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1" \
 1 \
 -c "=> write client hello" \
 -c "client hello, adding early_data extension" \
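Review bot: The rewritten test drops `requires_config_enabled MBEDTLS_SSL_EARLY_DATA` yet still runs the client with `early_data=1` and expects `client hello, adding early_data extension`. Unless the test framework infers that requirement from the command line, a build without early data or session tickets would fail here instead of skipping; I would add `requires_config_enabled MBEDTLS_SSL_EARLY_DATA` and `requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS` next to the other requirements. With the external-PSK case deleted, there is also no test left showing that a static PSK no longer triggers the early_data extension. The `run_test` call continues past the end of the hunk.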