diff --git a/src/eap_peer/eap_tls_common.c b/src/eap_peer/eap_tls_common.c
index 8572005d7..0de131526 100644
--- a/src/eap_peer/eap_tls_common.c
+++ b/src/eap_peer/eap_tls_common.c
@@ -387,6 +387,13 @@ u8 * eap_peer_tls_derive_session_id(struct eap_sm *sm,
 	struct tls_random keys;
 	u8 *out;
 
+	if (eap_type == EAP_TYPE_TLS && data->tls_v13) {
+		*len = 64;
+		return eap_peer_tls_derive_key(sm, data,
+					       "EXPORTER_EAP_TLS_Session-Id",
+					       64);
+	}
+
 	if (tls_connection_get_random(sm->ssl_ctx, data->conn, &keys) ||
 	    keys.client_random == NULL || keys.server_random == NULL)
 		return NULL;
diff --git a/src/eap_server/eap_server_tls_common.c b/src/eap_server/eap_server_tls_common.c
index c2e0cf0c8..4f9cb0875 100644
--- a/src/eap_server/eap_server_tls_common.c
+++ b/src/eap_server/eap_server_tls_common.c
@@ -145,6 +145,13 @@ u8 * eap_server_tls_derive_session_id(struct eap_sm *sm,
 	struct tls_random keys;
 	u8 *out;
 
+	if (eap_type == EAP_TYPE_TLS && data->tls_v13) {
+		*len = 64;
+		return eap_server_tls_derive_key(sm, data,
+						 "EXPORTER_EAP_TLS_Session-Id",
+						 64);
+	}
+
 	if (tls_connection_get_random(sm->ssl_ctx, data->conn, &keys))
 		return NULL;