diff --git a/lib/peridiod/config.ex b/lib/peridiod/config.ex
index 3aa6527..997d6fa 100644
--- a/lib/peridiod/config.ex
+++ b/lib/peridiod/config.ex
@@ -255,7 +255,8 @@ defmodule Peridiod.Config do
       |> Map.put(:ssl,
         server_name_indication: to_charlist(config.device_api_host),
         verify: verify,
-        cacertfile: config.device_api_ca_certificate_path
+        cacertfile: config.device_api_ca_certificate_path,
+        versions: [:"tlsv1.3", :"tlsv1.2"]
       )
 
     case config.key_pair_source do
@@ -413,7 +414,6 @@ defmodule Peridiod.Config do
     ssl =
       base.ssl
       |> Keyword.put_new(:verify, :verify_peer)
-      |> Keyword.put_new(:versions, [:"tlsv1.2"])
       |> Keyword.put_new(:server_name_indication, to_charlist(base.device_api_sni))
 
     %{base | socket: socket, ssl: ssl}
diff --git a/test/peridiod/config_test.exs b/test/peridiod/config_test.exs
index 70de374..f9ab6a5 100644
--- a/test/peridiod/config_test.exs
+++ b/test/peridiod/config_test.exs
@@ -25,6 +25,16 @@ defmodule Peridiod.ConfigTest do
     end
   end
 
+  describe "tls versions" do
+    test "ssl options include both TLS 1.2 and TLS 1.3" do
+      with_config_file("test/fixtures/peridio.json", fn ->
+        config = build_config()
+        assert :"tlsv1.2" in config.ssl[:versions]
+        assert :"tlsv1.3" in config.ssl[:versions]
+      end)
+    end
+  end
+
   describe "device_api_verify" do
     test "struct default is :verify_peer" do
       assert %Peridiod.Config{}.device_api_verify == :verify_peer