diff --git a/tls-client/main.cpp b/tls-client/main.cpp
index 5476c692d..77f54fc2b 100644
--- a/tls-client/main.cpp
+++ b/tls-client/main.cpp
@@ -35,6 +35,9 @@
 #include "mbed.h"
 #include "mbedtls/platform.h"
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#include "psa/crypto.h"
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 #include "HelloHttpsClient.h"
@@ -56,6 +59,25 @@ int main()
 printf("Platform initialization failed with error %d\r\n", exit_code);
 return MBEDTLS_EXIT_FAILURE;
 }
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ /*
+ * Initialize underlying PSA Crypto implementation.
+ * Even if the HTTPS client doesn't make use of
+ * PSA-specific API, for example for setting opaque PSKs
+ * or opaque private keys, Mbed TLS will use PSA
+ * for public and symmetric key operations as well as
+ * hashing.
+ */
+ psa_status_t status;
+ status = psa_crypto_init();
+ if( status != PSA_SUCCESS )
+ {
+ printf("psa_crypto_init() failed with %d\r\n", status );
+ return MBEDTLS_EXIT_FAILURE;
+ }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
 /*
 * The default 9600 bps is too slow to print full TLS debug info and could
 * cause the other party to time out.
diff --git a/tls-client/mbedtls_entropy_config.h b/tls-client/mbedtls_entropy_config.h
index b5dc56fb4..d0b032e2e 100644
--- a/tls-client/mbedtls_entropy_config.h
+++ b/tls-client/mbedtls_entropy_config.h
@@ -36,4 +36,14 @@
 #undef MBEDTLS_MPI_MAX_SIZE
 #define MBEDTLS_MPI_MAX_SIZE 256
+/* This macro determines whether Mbed TLS uses its own legacy crypto library
+ * or an implementation of the PSA Crypto API such as Mbed Crypto.
+ *
+ * To confirm the use of PSA Crypto, you may enable debugging by setting
+ * HELLO_HTTPS_CLIENT_DEBUG_LEVEL in HelloHttpsClient.h and look for
+ * PSA-related debugging output on the serial line.
+ *
+ * Uncomment this to use the PSA Crypto API. */
+//#define MBEDTLS_USE_PSA_CRYPTO
+
 #define MBEDTLS_MPI_WINDOW_SIZE 1
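Review bot: In the second hunk of tls-client/main.cpp, the failure message passes `status` to `%d`, but `psa_status_t` is an `int32_t`, which many 32-bit Arm toolchains define as `long`, so the specifier and argument do not match. Cast it: `printf("psa_crypto_init() failed with %d\r\n", (int) status);`. The early `return MBEDTLS_EXIT_FAILURE;` may also skip a platform teardown if `main()` performs one at its end; `main()` continues outside the hunk, so this is worth confirming. Failing closed here is right, since no TLS session should start when the PSA layer did not initialise.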
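Review bot: The new comment in tls-client/mbedtls_entropy_config.h tells the reader to uncomment `MBEDTLS_USE_PSA_CRYPTO` but does not name what that option depends on. As far as I know, Mbed TLS's configuration check rejects it unless the PSA Crypto implementation is also enabled, so I would add a line such as ` * Requires MBEDTLS_PSA_CRYPTO_C to be enabled in the Mbed TLS configuration.` before the "Uncomment this" sentence. It would also help to state there that the application must call `psa_crypto_init()` before any TLS operation, because the guard in main.cpp depends on this header being included before the `#if` is evaluated.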