diff --git a/components/net/lwip/lwip-2.1.2/src/apps/altcp_tls/altcp_tls_mbedtls.c b/components/net/lwip/lwip-2.1.2/src/apps/altcp_tls/altcp_tls_mbedtls.c
index d642decb54f..10dc720a5e6 100644
--- a/components/net/lwip/lwip-2.1.2/src/apps/altcp_tls/altcp_tls_mbedtls.c
+++ b/components/net/lwip/lwip-2.1.2/src/apps/altcp_tls/altcp_tls_mbedtls.c
@@ -732,7 +732,11 @@ altcp_tls_create_config(int is_server, int have_cert, int have_pkey, int have_ca
     altcp_mbedtls_free_config(conf);
     return NULL;
   }
-  mbedtls_ssl_conf_authmode(&conf->conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
+  if (!is_server && have_ca) {
+    mbedtls_ssl_conf_authmode(&conf->conf, MBEDTLS_SSL_VERIFY_REQUIRED);
+  } else {
+    mbedtls_ssl_conf_authmode(&conf->conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
+  }
 
   mbedtls_ssl_conf_rng(&conf->conf, mbedtls_ctr_drbg_random, &conf->ctr_drbg);
 #if ALTCP_MBEDTLS_DEBUG != LWIP_DBG_OFF