diff --git a/ChangeLog.d/tls13-server-version-negotiation.txt b/ChangeLog.d/tls13-server-version-negotiation.txt new file mode 100644 index 0000000000..989018b400 --- /dev/null +++ b/ChangeLog.d/tls13-server-version-negotiation.txt @@ -0,0 +1,5 @@ +Features + * Add support for server-side TLS version negotiation. If both TLS 1.2 and + TLS 1.3 protocols are enabled, the TLS server now selects TLS 1.2 or + TLS 1.3 depending on the capabilities and preferences of TLS clients. + Fixes #6867. diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md index 85482ba9ed..6db0e54c39 100644 --- a/docs/architecture/tls13-support.md +++ b/docs/architecture/tls13-support.md @@ -86,17 +86,11 @@ Support description - Supported versions: - - TLS 1.2 and TLS 1.3 with version negotiation on the client side, not server - side. + - TLS 1.2 and TLS 1.3 with version negotiation on client and server side. - TLS 1.2 and TLS 1.3 can be enabled in the build independently of each other. - - If both TLS 1.3 and TLS 1.2 are enabled at build time, only one of them can - be configured at runtime via `mbedtls_ssl_conf_{min,max}_tls_version` for a - server endpoint. Otherwise, `mbedtls_ssl_setup` will raise - `MBEDTLS_ERR_SSL_BAD_CONFIG` error. - - Compatibility with existing SSL/TLS build options: The TLS 1.3 implementation is compatible with nearly all TLS 1.2
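Review bot: the ChangeLog entry in ChangeLog.d/tls13-server-version-negotiation.txt does not mention the user-visible behaviour change that the docs hunk removes, namely that `mbedtls_ssl_setup` no longer fails with `MBEDTLS_ERR_SSL_BAD_CONFIG` when a server endpoint is configured with both TLS 1.2 and TLS 1.3 enabled via `mbedtls_ssl_conf_{min,max}_tls_version`. Applications that previously worked around that error by pinning a single version should be told it is gone; suggest adding a sentence to the entry along the lines of "Previously, `mbedtls_ssl_setup` returned `MBEDTLS_ERR_SSL_BAD_CONFIG` for a server endpoint with both versions enabled at runtime." Also, "depending on the capabilities and preferences of TLS clients" leaves open which version the server picks when a client offers both; stating the rule (e.g. the highest version within the configured range that the client supports) would make the entry actionable.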
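Review bot: in the docs/architecture/tls13-support.md hunk the replacement bullet "TLS 1.2 and TLS 1.3 with version negotiation on client and server side." drops the runtime-configuration guidance without saying what replaces it. The deleted paragraph told readers that `mbedtls_ssl_conf_{min,max}_tls_version` could select only one version for a server and that `mbedtls_ssl_setup` otherwise returned `MBEDTLS_ERR_SSL_BAD_CONFIG`; the new text should state that a server may now be configured with a range spanning both versions and how the negotiated version is chosen within that range, so readers know the min/max functions still bound the selection. Minor wording: "on client and server side" reads better as "on both the client and server sides".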