diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 46c071b6bb..b06147c0c9 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -99,7 +99,6 @@ static int ssl_client_hello_process( mbedtls_ssl_context* ssl )
 MBEDTLS_SSL_PROC_CHK( ssl_client_hello_postprocess, ( ssl ) );
 MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg, ( ssl, buf_len, msg_len ) );
- mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO );
 cleanup:
@@ -111,8 +110,31 @@ cleanup:
 static int ssl_client_hello_prepare( mbedtls_ssl_context* ssl )
 {
- ((void) ssl);
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ int ret;
+ size_t rand_bytes_len;
+
+ if( ssl->conf->f_rng == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "no RNG provided" ) );
+ return( MBEDTLS_ERR_SSL_NO_RNG );
+ }
+
+ rand_bytes_len = 32;
+
+ if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->handshake->randbytes, rand_bytes_len ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_generate_random", ret );
+ return( ret );
+ }
+
+ return( 0 );
+}
+
+static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl )
+{
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_SERVER_HELLO );
+
+ return( 0 );
 }
 static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl,
@@ -128,11 +150,7 @@ static int ssl_client_hello_write_partial( mbedtls_ssl_context* ssl,
 return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
 }
-static int ssl_client_hello_postprocess( mbedtls_ssl_context* ssl )
-{
- ((void) ssl);
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
-}
+
 #endif /* MBEDTLS_SSL_CLI_C */
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 51c8fe3bd5..5aa5d8a014 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -23,6 +23,8 @@
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+#include "mbedtls/error.h"
+
 #include "ssl_misc.h"
 int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl,
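Review bot: In ssl_client_hello_prepare the random length is a bare `rand_bytes_len = 32;` with nothing tying it to the size of `ssl->handshake->randbytes`, whose declaration is not visible in this diff. This value is the client random that gives the handshake its freshness, so I would name the constant and, if randbytes is a fixed-size array, add a static assertion on `sizeof( ssl->handshake->randbytes )` so the bound is checked at compile time. The failure path logs `"ssl_generate_random"`, which is not a function called here; `MBEDTLS_SSL_DEBUG_RET( 1, "f_rng", ret );` would point at the call that actually failed. `int ret;` is also left uninitialised, while mbedtls_ssl_finish_handshake_msg in the same commit uses `int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;`.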
@@ -30,21 +32,27 @@ int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl,
 unsigned char **buf,
 size_t *buflen )
 {
- ((void) ssl);
- ((void) hs_type);
- ((void) buf);
- ((void) buflen);
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+ *buf = ssl->out_msg + 4;
+ *buflen = MBEDTLS_SSL_OUT_CONTENT_LEN - 4;
+
+ ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
+ ssl->out_msg[0] = hs_type;
+
+ return( 0 );
 }
 int mbedtls_ssl_finish_handshake_msg( mbedtls_ssl_context *ssl,
 size_t buf_len,
 size_t msg_len )
 {
- ((void) ssl);
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 ((void) buf_len);
- ((void) msg_len);
- return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
+
+ ssl->out_msglen = msg_len + 4;
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_write_handshake_msg_ext, ( ssl, 0 ) );
+
+cleanup:
+ return( ret );
 }
 void mbedtls_ssl_add_hs_hdr_to_checksum( mbedtls_ssl_context *ssl,
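Review bot: mbedtls_ssl_finish_handshake_msg discards `buf_len` with `((void) buf_len);` and sets `ssl->out_msglen = msg_len + 4;` unchecked, so a caller that reports more bytes than mbedtls_ssl_start_handshake_msg handed out is not caught before mbedtls_ssl_write_handshake_msg_ext runs. A guard before the assignment would turn that into a clean error: `if( msg_len > buf_len ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );`. The literal `4` appears three times across the two functions and presumably stands for the handshake header (one type byte plus three length bytes); a one-line comment or a named constant would say so. `ssl->out_msg[0] = hs_type;` narrows silently if hs_type is wider than a byte; its declaration sits just above the hunk, so confirm the type and make the cast explicit.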