Mbed TLS doesn't support the TLS 1.3 protocol yet, but a prototype is in development. Stable parts of this prototype that can be independently tested are being successively upstreamed under the guard of the following macro:
MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL
This macro will likely be renamed to MBEDTLS_SSL_PROTO_TLS1_3 once a minimal viable implementation of the TLS 1.3 protocol is available.
See the documentation of MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL for more information.
The following lists which parts of the TLS 1.3 prototype have already been upstreamed together with their level of testing:
TLS 1.3 record protection mechanisms
The record protection routines mbedtls_ssl_{encrypt|decrypt}_buf() have been extended to support the modified TLS 1.3 record protection mechanism, including modified computation of AAD, IV, and the introduction of a flexible padding.
Those record protection routines have unit tests in test_suite_ssl alongside the tests for the other record protection routines.
TODO: Add some test vectors from RFC 8448.
The HKDF key derivation function on which the TLS 1.3 key schedule is based, is already present as an independent module controlled by MBEDTLS_HKDF_C independently of the development of the TLS 1.3 prototype.
The TLS 1.3-specific HKDF-based key derivation functions (see RFC 8446):
library/ssl_tls13_keys.c and tested in test_suite_ssl using test vectors from RFC 8448 and https://tls13.ulfheim.net/.New TLS Message Processing Stack (MPS)
The TLS 1.3 prototype is developed alongside a rewrite of the TLS messaging layer, encompassing low-level details such as record parsing, handshake reassembly, and DTLS retransmission state machine.
MPS has the following components:
Of those components, the following have been upstreamed as part of MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:
library/mps_reader.h)