diff --git a/modules/mbedtls/Kconfig.tls-generic b/modules/mbedtls/Kconfig.tls-generic
index 7a7105287a5..0fc2d57818b 100644
--- a/modules/mbedtls/Kconfig.tls-generic
+++ b/modules/mbedtls/Kconfig.tls-generic
@@ -510,4 +510,32 @@ config MBEDTLS_SSL_DTLS_CONNECTION_ID
 	  which allows to identify DTLS connections across changes
 	  in the underlying transport.
 
+
+config MBEDTLS_NIST_KW_C
+	bool "NIST key wrap"
+	depends on MBEDTLS_CIPHER_AES_ENABLED
+	help
+	  Key Wrapping mode for 128-bit block ciphers,
+	  as defined in NIST SP 800-38F.
+
+config MBEDTLS_DHM_C
+	bool "Diffie-Hellman-Merkle mode"
+	help
+	  Used by the following key exchanges,
+	  DHE-RSA, DHE-PSK
+
+config MBEDTLS_X509_CRL_PARSE_C
+	bool "X509 CRL parsing"
+	help
+	  Used by X509 CRL parsing
+
+config MBEDTLS_X509_CSR_WRITE_C
+	bool "X509 Certificate Signing Requests writing"
+	help
+	  For X.509 certificate request writing.
+
+config MBEDTLS_X509_CSR_PARSE_C
+	bool "X509 Certificate Signing Request parsing"
+	help
+	  For reading X.509 certificate request.
 endmenu
diff --git a/modules/mbedtls/configs/config-tls-generic.h b/modules/mbedtls/configs/config-tls-generic.h
index 850b27d80d6..623986777dd 100644
--- a/modules/mbedtls/configs/config-tls-generic.h
+++ b/modules/mbedtls/configs/config-tls-generic.h
@@ -485,6 +485,27 @@
 #define MBEDTLS_SSL_DTLS_CONNECTION_ID
 #endif
 
+#if defined(CONFIG_MBEDTLS_NIST_KW_C)
+#define MBEDTLS_NIST_KW_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_DHM_C)
+#define MBEDTLS_DHM_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_X509_CRL_PARSE_C)
+#define MBEDTLS_X509_CRL_PARSE_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_X509_CSR_WRITE_C)
+#define MBEDTLS_X509_CSR_WRITE_C
+#define MBEDTLS_X509_CREATE_C
+#endif
+
+#if defined(CONFIG_MBEDTLS_X509_CSR_PARSE_C)
+#define MBEDTLS_X509_CSR_PARSE_C
+#endif
+
 #if defined(CONFIG_MBEDTLS_USER_CONFIG_FILE)
 #include CONFIG_MBEDTLS_USER_CONFIG_FILE
 #endif