diff --git a/.gitlab/ci/target-test.yml b/.gitlab/ci/target-test.yml
index 53ecb74549b..9b1042da1a3 100644
--- a/.gitlab/ci/target-test.yml
+++ b/.gitlab/ci/target-test.yml
@@ -522,7 +522,7 @@ UT_001:
 
 UT_002:
   extends: .unit_test_esp32_template
-  parallel: 15
+  parallel: 16
   tags:
     - ESP32_IDF
     - UT_T1_1
@@ -727,7 +727,7 @@ UT_S2_SDSPI:
 
 UT_C3:
   extends: .unit_test_esp32c3_template
-  parallel: 35
+  parallel: 36
   tags:
     - ESP32C3_IDF
     - UT_T1_1
diff --git a/components/mbedtls/CMakeLists.txt b/components/mbedtls/CMakeLists.txt
index c8256547adf..168dbc8cf3f 100644
--- a/components/mbedtls/CMakeLists.txt
+++ b/components/mbedtls/CMakeLists.txt
@@ -177,7 +177,7 @@ if(CONFIG_MBEDTLS_HARDWARE_SHA)
     )
 endif()
 
-if(CONFIG_MBEDTLS_HARDWARE_GCM)
+if(CONFIG_MBEDTLS_HARDWARE_GCM OR (NOT CONFIG_SOC_AES_SUPPORT_GCM AND CONFIG_MBEDTLS_HARDWARE_AES))
     target_sources(mbedcrypto PRIVATE  "${COMPONENT_DIR}/port/aes/esp_aes_gcm.c")
 endif()
 
diff --git a/components/mbedtls/port/aes/esp_aes_gcm.c b/components/mbedtls/port/aes/esp_aes_gcm.c
index 5b74078bae7..8bd5616a755 100644
--- a/components/mbedtls/port/aes/esp_aes_gcm.c
+++ b/components/mbedtls/port/aes/esp_aes_gcm.c
@@ -28,7 +28,6 @@
 
 #include "soc/soc_caps.h"
 
-#if SOC_AES_SUPPORT_GCM
 
 #include "aes/esp_aes.h"
 #include "aes/esp_aes_gcm.h"
@@ -41,6 +40,7 @@
 #include "soc/soc_memory_layout.h"
 
 #include "mbedtls/error.h"
+#include "mbedtls/platform.h"
 #include <string.h>
 
 #define ESP_PUT_BE64(a, val)                                    \
@@ -382,6 +382,7 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx,
     /* H and the lookup table are only generated once per ctx */
     if (ctx->gcm_state == ESP_AES_GCM_STATE_INIT) {
         /* Lock the AES engine to calculate ghash key H in hardware */
+#if SOC_AES_SUPPORT_GCM
         esp_aes_acquire_hardware();
         ctx->aes_ctx.key_in_hardware = aes_hal_setkey(ctx->aes_ctx.key, ctx->aes_ctx.key_bytes, mode);
         aes_hal_mode_init(ESP_AES_BLOCK_MODE_GCM);
@@ -389,6 +390,10 @@ int esp_aes_gcm_starts( esp_gcm_context *ctx,
         aes_hal_gcm_calc_hash(ctx->H);
 
         esp_aes_release_hardware();
+#else
+        memset(ctx->H, 0, sizeof(ctx->H));
+        esp_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT, ctx->H, ctx->H);
+#endif
         gcm_gen_table(ctx);
     }
 
@@ -494,6 +499,7 @@ int esp_aes_gcm_finish( esp_gcm_context *ctx,
     return esp_aes_crypt_ctr(&ctx->aes_ctx, tag_len, &nc_off, ctx->ori_j0, stream, ctx->ghash, tag);
 }
 
+#if SOC_AES_SUPPORT_GCM
 /* Due to restrictions in the hardware (e.g. need to do the whole conversion in one go),
    some combinations of inputs are not supported */
 static bool esp_aes_gcm_input_support_hw_accel(size_t length, const unsigned char *aad, size_t aad_len,
@@ -523,6 +529,7 @@ static bool esp_aes_gcm_input_support_hw_accel(size_t length, const unsigned cha
 
     return support_hw_accel;
 }
+#endif
 
 static int esp_aes_gcm_crypt_and_tag_partial_hw( esp_gcm_context *ctx,
         int mode,
@@ -565,6 +572,7 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx,
                                size_t tag_len,
                                unsigned char *tag )
 {
+#if SOC_AES_SUPPORT_GCM
     int ret;
     lldesc_t aad_desc[2] = {};
     lldesc_t *aad_head_desc = NULL;
@@ -667,6 +675,9 @@ int esp_aes_gcm_crypt_and_tag( esp_gcm_context *ctx,
     esp_aes_release_hardware();
 
     return ( ret );
+#else
+    return esp_aes_gcm_crypt_and_tag_partial_hw(ctx, mode, length, iv, iv_len, aad, aad_len, input, output, tag_len, tag);
+#endif
 }
 
 
@@ -704,5 +715,3 @@ int esp_aes_gcm_auth_decrypt( esp_gcm_context *ctx,
 
     return ( 0 );
 }
-
-#endif //SOC_AES_SUPPORT_GCM
diff --git a/components/mbedtls/port/include/gcm_alt.h b/components/mbedtls/port/include/gcm_alt.h
index 7210d92b877..d87ac1c6187 100644
--- a/components/mbedtls/port/include/gcm_alt.h
+++ b/components/mbedtls/port/include/gcm_alt.h
@@ -31,7 +31,7 @@ extern "C" {
 
 #if defined(MBEDTLS_GCM_ALT)
 
-#if SOC_AES_SUPPORT_GCM
+
 #include "aes/esp_aes_gcm.h"
 
 
@@ -46,8 +46,6 @@ typedef esp_gcm_context mbedtls_gcm_context;
 #define mbedtls_gcm_auth_decrypt    esp_aes_gcm_auth_decrypt
 #define mbedtls_gcm_crypt_and_tag   esp_aes_gcm_crypt_and_tag
 
-#endif // SOC_AES_SUPPORT_GCM
-
 #endif /* MBEDTLS_GCM_ALT */
 
 #ifdef __cplusplus
diff --git a/components/mbedtls/port/include/mbedtls/esp_config.h b/components/mbedtls/port/include/mbedtls/esp_config.h
index 95bd65883c4..c7c8209c68e 100644
--- a/components/mbedtls/port/include/mbedtls/esp_config.h
+++ b/components/mbedtls/port/include/mbedtls/esp_config.h
@@ -123,10 +123,8 @@
 #undef MBEDTLS_AES_ALT
 #endif
 
-#ifdef CONFIG_MBEDTLS_HARDWARE_GCM
+#ifdef CONFIG_MBEDTLS_HARDWARE_AES
 #define MBEDTLS_GCM_ALT
-#else
-#undef MBEDTLS_GCM_ALT
 #endif
 
 /* MBEDTLS_SHAxx_ALT to enable hardware SHA support
diff --git a/components/mbedtls/test/test_aes_gcm.c b/components/mbedtls/test/test_aes_gcm.c
index 352b9fa7ae3..ccab5ef54a1 100644
--- a/components/mbedtls/test/test_aes_gcm.c
+++ b/components/mbedtls/test/test_aes_gcm.c
@@ -14,7 +14,7 @@
 #include "ccomp_timer.h"
 #include "sys/param.h"
 
-#if CONFIG_MBEDTLS_HARDWARE_GCM
+#if CONFIG_MBEDTLS_HARDWARE_AES
 
 /*
     Python example code for generating test vectors
@@ -491,4 +491,4 @@ TEST_CASE("mbedtls AES GCM performance, crypt-and-tag", "[aes-gcm]")
 #endif
 }
 
-#endif //CONFIG_MBEDTLS_HARDWARE_GCM
+#endif //CONFIG_MBEDTLS_HARDWARE_AES