diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 5fe9849840..b7ad7e98d9 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -843,6 +843,11 @@
 #error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
 #endif
+#if defined(MBEDTLS_SSL_TICKET_NONCE_LENGTH) && \
+ MBEDTLS_SSL_TICKET_NONCE_LENGTH >= 256
+#error "MBEDTLS_SSL_TICKET_NONCE_LENGTH must be less than 256"
+#endif
+
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
 !defined(MBEDTLS_X509_CRT_PARSE_C)
 #error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index ed673e7d7e..6d50c8d4ea 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -1546,7 +1546,7 @@
 *
 * Size in bytes of a ticket nonce. This is not used in TLS 1.2.
 *
- * This must be smaller or equal to 255.
+ * This must be less than 256.
 */
 #define MBEDTLS_SSL_TICKET_NONCE_LENGTH 32
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 9703fcb165..ca727f9832 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1185,7 +1185,7 @@ struct mbedtls_ssl_session
 #endif /* MBEDTLS_SHA256_C */
 #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_CLI_C)
- time_t MBEDTLS_PRIVATE(ticket_received); /*!< time ticket was received */
+ mbedtls_time_t MBEDTLS_PRIVATE(ticket_received); /*!< time ticket was received */
 #endif /* MBEDTLS_HAVE_TIME && MBEDTLS_SSL_CLI_C */
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 985c9af336..93f58e0528 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1915,6 +1915,8 @@ static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl,
 }
 /*
+ * From RFC8446, page 74
+ *
 * struct {
 * uint32 ticket_lifetime;
 * uint32 ticket_age_add;
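Review bot: The new guard in check_config.h rejects only values of 256 and above, so a MBEDTLS_SSL_TICKET_NONCE_LENGTH of 0 still builds. RFC 8446 allows an empty ticket_nonce on the wire, but it also asks for the nonce to be unique across all tickets issued on a connection, which a zero-length value cannot provide once more than one ticket is sent. If that configuration is not meant to be supported, widen the condition to `( MBEDTLS_SSL_TICKET_NONCE_LENGTH < 1 || MBEDTLS_SSL_TICKET_NONCE_LENGTH >= 256 )` and adjust the `#error` text. Otherwise a short comment should say that the upper bound comes from the one-byte length prefix and that 0 is accepted on purpose.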
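Review bot: The reference added above the NewSessionTicket layout in ssl_tls13_client.c cites a page number, which is harder to follow than a section number because page breaks differ between renderings of the RFC. I would write `* From RFC 8446 section 4.6.1 (New Session Ticket Message)` instead. The comment block continues past the end of this hunk.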
@@ -1943,7 +1945,7 @@ static int ssl_tls13_parse_new_session_ticket( mbedtls_ssl_context *ssl,
 /*
 * ticket_lifetime 4 bytes
 * ticket_age_add 4 bytes
- * ticket_nonce >=1 byte
+ * ticket_nonce_len 1 byte
 */
 MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 9 );
@@ -2022,7 +2024,7 @@ static int ssl_tls13_postprocess_new_session_ticket( mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_HAVE_TIME)
 /* Store ticket creation time */
- session->ticket_received = time( NULL );
+ session->ticket_received = mbedtls_time( NULL );
 #endif
 ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( session->ciphersuite );
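Review bot: The literal `9` passed to MBEDTLS_SSL_CHK_BUF_READ_PTR is tied to the corrected field list only by the reader adding 4 + 4 + 1, so a trailing comment such as `/* 4 + 4 + 1: fixed fields up to and including ticket_nonce_len */` would keep the two from drifting apart again. This check covers the fixed prefix only. The nonce bytes that follow need their own check against `end` once ticket_nonce_len has been read from peer-controlled input, and against the size of whatever storage receives them. That code lies outside this hunk, so I could not confirm it here.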
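Review bot: The value returned by `mbedtls_time( NULL )` is stored in `session->ticket_received` without being checked, and with a platform-supplied time function this can be an error value or an unset clock. The timestamp is presumably used later to compute the ticket age sent on resumption and to judge ticket expiry, so a bogus or backwards-moving wall clock would skew both; that code is outside this hunk. I would add a comment next to the assignment, for example `/* wall-clock time; may be (mbedtls_time_t) -1 or jump backwards, users of ticket_received must tolerate that */`, or drop the ticket when the call fails. The same consideration applies to the `ticket_received` field whose type changes in ssl.h.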