diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 47e56e8796..23d7b22070 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -65,6 +65,13 @@
 /* Faked handshake message identity for HelloRetryRequest. */
 #define MBEDTLS_SSL_TLS1_3_HS_HELLO_RETRY_REQUEST (-MBEDTLS_SSL_HS_SERVER_HELLO)
 
+/* TLS 1.3: Interoperate with peers that support middlebox compatibility
+ * mode, but don't produce the relevant messages ourselves.
+ *
+ * This is always enabled (with effect only when TLS 1.3 is enabled).
+ */
+#define MBEDTLS_SSL_TLS1_3_ACCEPT_COMPATIBILITY_MODE
+
 /*
  * Internal identity of handshake extensions
  */
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 2bdad848a9..86463bcb9c 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -5066,7 +5066,7 @@ int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl)
 
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
         if (ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3) {
-#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
+#if defined(MBEDTLS_SSL_TLS1_3_ACCEPT_COMPATIBILITY_MODE)
             MBEDTLS_SSL_DEBUG_MSG(1,
                                   ("Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"));
             return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
@@ -5074,7 +5074,7 @@ int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl)
             MBEDTLS_SSL_DEBUG_MSG(1,
                                   ("ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"));
             return MBEDTLS_ERR_SSL_INVALID_RECORD;
-#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
+#endif /* MBEDTLS_SSL_TLS1_3_ACCEPT_COMPATIBILITY_MODE */
         }
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
     }