diff --git a/modules/mbedtls/Kconfig.tls-generic b/modules/mbedtls/Kconfig.tls-generic
index 3c11ddd9389519..dc3e73638e5d5d 100644
--- a/modules/mbedtls/Kconfig.tls-generic
+++ b/modules/mbedtls/Kconfig.tls-generic
@@ -361,4 +361,12 @@ config MBEDTLS_HAVE_TIME_DATE
 	  There also need to be a valid time source in the system, as mbedTLS
 	  expects a valid date/time for certificate validation."
 
+config MBEDTLS_SSL_DTLS_CONNECTION_ID
+	bool "Enable DTLS Connection ID extension"
+	depends on MBEDTLS_DTLS
+	help
+	  Enable support for the DTLS Connection ID extension
+	  which allows to identify DTLS connections across changes
+	  in the underlying transport.
+
 endmenu
diff --git a/modules/mbedtls/configs/config-tls-generic.h b/modules/mbedtls/configs/config-tls-generic.h
index e6e42cc7fcf427..fb1dac92819780 100644
--- a/modules/mbedtls/configs/config-tls-generic.h
+++ b/modules/mbedtls/configs/config-tls-generic.h
@@ -423,6 +423,10 @@
 #define MBEDTLS_SSL_SERVER_NAME_INDICATION
 #endif
 
+#if defined(CONFIG_MBEDTLS_SSL_DTLS_CONNECTION_ID)
+#define MBEDTLS_SSL_DTLS_CONNECTION_ID
+#endif
+
 /* User config file */
 
 #if defined(CONFIG_MBEDTLS_USER_CONFIG_FILE)