diff --git a/ChangeLog.d/fix-tls13-server-min-version-check.txt b/ChangeLog.d/fix-tls13-server-min-version-check.txt
new file mode 100644
index 0000000000..b05ad7c542
--- /dev/null
+++ b/ChangeLog.d/fix-tls13-server-min-version-check.txt
@@ -0,0 +1,4 @@
+Bugfix
+   * Add missing check for `min_tls_version` in TLS 1.3 server-side.
+     Without this, TLS 1.3 server may downgrade protocol to a TLS version
+     below its supported minimum TLS version. Fixes #8593.