diff --git a/src/lib/tls/tls_algos.cpp b/src/lib/tls/tls_algos.cpp index 0b143eb830d..78623570274 100644 --- a/src/lib/tls/tls_algos.cpp +++ b/src/lib/tls/tls_algos.cpp @@ -153,6 +153,15 @@ std::optional Group_Params::from_string(std::string_view group_nam if(group_name == "brainpool512r1") { return Group_Params::BRAINPOOL512R1; } + if(group_name == "brainpool256r1tls13") { + return Group_Params::BRAINPOOL256R1_TLS13; + } + if(group_name == "brainpool384r1tls13") { + return Group_Params::BRAINPOOL384R1_TLS13; + } + if(group_name == "brainpool512r1tls13") { + return Group_Params::BRAINPOOL512R1_TLS13; + } if(group_name == "x25519") { return Group_Params::X25519; } @@ -224,6 +233,12 @@ std::optional Group_Params::to_string() const { return "brainpool384r1"; case Group_Params::BRAINPOOL512R1: return "brainpool512r1"; + case Group_Params::BRAINPOOL256R1_TLS13: + return "brainpool256r1tls13"; + case Group_Params::BRAINPOOL384R1_TLS13: + return "brainpool384r1tls13"; + case Group_Params::BRAINPOOL512R1_TLS13: + return "brainpool512r1tls13"; case Group_Params::X25519: return "x25519"; @@ -269,6 +284,17 @@ std::optional Group_Params::to_string() const { std::optional Group_Params::to_algorithm_spec() const { switch(m_code) { + // Brainpool curves have two sets of code points. See RFCs 7027 and 8734. + case Group_Params::BRAINPOOL256R1: + case Group_Params::BRAINPOOL256R1_TLS13: + return "brainpool256r1"; + case Group_Params::BRAINPOOL384R1: + case Group_Params::BRAINPOOL384R1_TLS13: + return "brainpool384r1"; + case Group_Params::BRAINPOOL512R1: + case Group_Params::BRAINPOOL512R1_TLS13: + return "brainpool512r1"; + default: return to_string(); } diff --git a/src/lib/tls/tls_algos.h b/src/lib/tls/tls_algos.h index 13e1bad462d..5e9a2c61e0c 100644 --- a/src/lib/tls/tls_algos.h +++ b/src/lib/tls/tls_algos.h 
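Review bot: In the third hunk, to_algorithm_spec() and to_string() now return different strings for the three RFC 8734 code points, and only to_algorithm_spec() yields a name that is an actual curve name. Any caller that still derives the key-exchange group from `to_string()` would get `brainpool256r1tls13` and presumably fail the curve lookup; the callers are not visible in this diff, so this needs checking. I would also document the split above the switch, e.g. `// Name of the underlying algorithm; unlike to_string(), both brainpool code points of a curve map to the same curve name.`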
@@ -91,6 +91,13 @@ enum class Group_Params_Code : uint16_t { X25519 = 29, + // The original brainpool code points (see above) were deprecated by IETF + // and should therefore not be used in TLS 1.3 and above. + // RFC 8734 re-introduced them for TLS 1.3, as new code points. -.- + BRAINPOOL256R1_TLS13 = 31, + BRAINPOOL384R1_TLS13 = 32, + BRAINPOOL512R1_TLS13 = 33, + FFDHE_2048 = 256, FFDHE_3072 = 257, FFDHE_4096 = 258, @@ -151,7 +158,9 @@ class BOTAN_PUBLIC_API(3, 2) Group_Params final { constexpr bool is_ecdh_named_curve() const { return m_code == Group_Params_Code::SECP256R1 || m_code == Group_Params_Code::SECP384R1 || m_code == Group_Params_Code::SECP521R1 || m_code == Group_Params_Code::BRAINPOOL256R1 || - m_code == Group_Params_Code::BRAINPOOL384R1 || m_code == Group_Params_Code::BRAINPOOL512R1; + m_code == Group_Params_Code::BRAINPOOL384R1 || m_code == Group_Params_Code::BRAINPOOL512R1 || + m_code == Group_Params_Code::BRAINPOOL256R1_TLS13 || + m_code == Group_Params_Code::BRAINPOOL384R1_TLS13 || m_code == Group_Params_Code::BRAINPOOL512R1_TLS13; } constexpr bool is_in_ffdhe_range() const { diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp index 57591667d7c..4b0d69194d0 100644 --- a/src/lib/tls/tls_policy.cpp +++ b/src/lib/tls/tls_policy.cpp @@ -162,8 +162,9 @@ std::vector Policy::key_exchange_groups() const { Group_Params::X25519, #endif - Group_Params::SECP256R1, Group_Params::BRAINPOOL256R1, Group_Params::SECP384R1, Group_Params::BRAINPOOL384R1, - Group_Params::SECP521R1, Group_Params::BRAINPOOL512R1, + Group_Params::SECP256R1, Group_Params::BRAINPOOL256R1, Group_Params::BRAINPOOL256R1_TLS13, + Group_Params::SECP384R1, Group_Params::BRAINPOOL384R1, Group_Params::BRAINPOOL384R1_TLS13, + Group_Params::SECP521R1, Group_Params::BRAINPOOL512R1, Group_Params::BRAINPOOL512R1_TLS13, Group_Params::FFDHE_2048, Group_Params::FFDHE_3072, Group_Params::FFDHE_4096, Group_Params::FFDHE_6144, Group_Params::FFDHE_8192, 
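Review bot: The comment above the new enumerators says the original code points should not be used in TLS 1.3, but never states the converse: that the new ones are specified by RFC 8734 for TLS 1.3 only. The trailing `-.-` carries no information for the next maintainer. I would end the comment with `// RFC 8734 assigns these curves new code points (below) for use in TLS 1.3 only.` The enum body starts and ends outside the hunk.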
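Review bot: Policy::key_exchange_groups() now returns the RFC 7027 and RFC 8734 brainpool code points side by side, with nothing tying each entry to the protocol version it is valid for. Per the comment added in tls_algos.h, the original code points should not be used in TLS 1.3, and the `*_TLS13` ones exist only for TLS 1.3, so whatever builds supported_groups or selects a group has to filter by version. That code is not in this diff and should be confirmed, ideally with a test that a TLS 1.3 handshake never selects `BRAINPOOL256R1` and a TLS 1.2 handshake never selects `BRAINPOOL256R1_TLS13`. The same applies to BSI_TR_02102_2::key_exchange_groups() in tls_policy.h. A comment on the list such as `// brainpool: original code points are for TLS 1.2, *_TLS13 code points for TLS 1.3 (RFC 8734)` would make the intent explicit.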
diff --git a/src/lib/tls/tls_policy.h b/src/lib/tls/tls_policy.h index 28e2886c159..fa081d139e7 100644 --- a/src/lib/tls/tls_policy.h +++ b/src/lib/tls/tls_policy.h @@ -561,8 +561,11 @@ class BOTAN_PUBLIC_API(2, 0) BSI_TR_02102_2 : public Policy { std::vector key_exchange_groups() const override { return std::vector({Group_Params::BRAINPOOL512R1, + Group_Params::BRAINPOOL512R1_TLS13, Group_Params::BRAINPOOL384R1, + Group_Params::BRAINPOOL384R1_TLS13, Group_Params::BRAINPOOL256R1, + Group_Params::BRAINPOOL256R1_TLS13, Group_Params::SECP521R1, Group_Params::SECP384R1, Group_Params::SECP256R1, diff --git a/src/tests/data/tls-policy/bsi.txt b/src/tests/data/tls-policy/bsi.txt index c06cd9b9951..1d941f14ba9 100644 --- a/src/tests/data/tls-policy/bsi.txt +++ b/src/tests/data/tls-policy/bsi.txt @@ -10,7 +10,7 @@ signature_hashes = SHA-512 SHA-384 SHA-256 macs = AEAD SHA-384 SHA-256 key_exchange_methods = ECDH DH ECDHE_PSK signature_methods = ECDSA RSA DSA -key_exchange_groups = brainpool512r1 brainpool384r1 brainpool256r1 secp521r1 secp384r1 secp256r1 ffdhe/ietf/4096 ffdhe/ietf/3072 +key_exchange_groups = brainpool512r1 brainpool512r1tls13 brainpool384r1 brainpool384r1tls13 brainpool256r1 brainpool256r1tls13 secp521r1 secp384r1 secp256r1 ffdhe/ietf/4096 ffdhe/ietf/3072 minimum_signature_strength = 120 minimum_dh_group_size = 3000 minimum_dsa_group_size = 3000 diff --git a/src/tests/data/tls-policy/default_tls13.txt b/src/tests/data/tls-policy/default_tls13.txt index 09970c70f70..b542a8d569f 100644 --- a/src/tests/data/tls-policy/default_tls13.txt +++ b/src/tests/data/tls-policy/default_tls13.txt 
@@ -9,7 +9,7 @@ macs = AEAD SHA-256 SHA-384 SHA-1
 signature_hashes = SHA-512 SHA-384 SHA-256
 signature_methods = ECDSA RSA
 key_exchange_methods = ECDH DH
-key_exchange_groups = x25519 secp256r1 brainpool256r1 secp384r1 brainpool384r1 secp521r1 brainpool512r1 ffdhe/ietf/2048 ffdhe/ietf/3072 ffdhe/ietf/4096 ffdhe/ietf/6144 ffdhe/ietf/8192
+key_exchange_groups = x25519 secp256r1 brainpool256r1 brainpool256r1tls13 secp384r1 brainpool384r1 brainpool384r1tls13 secp521r1 brainpool512r1 brainpool512r1tls13 ffdhe/ietf/2048 ffdhe/ietf/3072 ffdhe/ietf/4096 ffdhe/ietf/6144 ffdhe/ietf/8192
 allow_insecure_renegotiation = false
 include_time_in_hello_random = true
 allow_server_initiated_renegotiation = false
diff --git a/src/tests/data/tls-policy/strict_tls13.txt b/src/tests/data/tls-policy/strict_tls13.txt
index 30c5de059c0..4643cd6462a 100644
--- a/src/tests/data/tls-policy/strict_tls13.txt
+++ b/src/tests/data/tls-policy/strict_tls13.txt
@@ -9,7 +9,7 @@ macs = AEAD
 signature_hashes = SHA-512 SHA-384
 signature_methods = ECDSA RSA
 key_exchange_methods = ECDH
-key_exchange_groups = x25519 secp256r1 brainpool256r1 secp384r1 brainpool384r1 secp521r1 brainpool512r1 ffdhe/ietf/2048 ffdhe/ietf/3072 ffdhe/ietf/4096 ffdhe/ietf/6144 ffdhe/ietf/8192
+key_exchange_groups = x25519 secp256r1 brainpool256r1 brainpool256r1tls13 secp384r1 brainpool384r1 brainpool384r1tls13 secp521r1 brainpool512r1 brainpool512r1tls13 ffdhe/ietf/2048 ffdhe/ietf/3072 ffdhe/ietf/4096 ffdhe/ietf/6144 ffdhe/ietf/8192
 allow_insecure_renegotiation = false
 include_time_in_hello_random = true
 allow_server_initiated_renegotiation = false