diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index d50be5d53..29d4ffdf5 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -1239,11 +1239,6 @@ static int ssl_tls13_finalize_write_server_hello( mbedtls_ssl_context *ssl )
         return( ret );
     }
 
-    mbedtls_ssl_set_outbound_transform( ssl,
-                                        ssl->handshake->transform_handshake );
-    MBEDTLS_SSL_DEBUG_MSG(
-        3, ( "switching to handshake transform for outbound data" ) );
-
     return( ret );
 }
 
@@ -1407,6 +1402,11 @@ static int ssl_tls13_write_encrypted_extensions( mbedtls_ssl_context *ssl )
     unsigned char *buf;
     size_t buf_len, msg_len;
 
+    mbedtls_ssl_set_outbound_transform( ssl,
+                                        ssl->handshake->transform_handshake );
+    MBEDTLS_SSL_DEBUG_MSG(
+        3, ( "switching to handshake transform for outbound data" ) );
+
     MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write encrypted extensions" ) );
 
     MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_start_handshake_msg( ssl,