Hi Peter,
For TLS 1.3, you need at least Mbed TLS 3.1. We'd started work on TLS 1.3 before the 2.28 release, but that release does not yet have a usable subset of the protocol (it only has part of the handshake). Please consult https://github.com/Mbed-TLS/mbedtls/blob/development/docs/architecture/tls13... or that file in a given release to see what TLS 1.3 features are supported.
The TLS 1.3 code depends on the PSA cryptography subsystem. I'm afraid this currently has a little RAM overhead, compared to the legacy cryptography API. So far we've mostly focused on code size optimization, not on RAM optimization, and even for code size there is some overhead due to the ongoing API transition. The RAM overhead is only a few hundreds of bytes, however. Set MBEDTLS_PSA_KEY_SLOT_COUNT to the minimum value that works for you to reduce the RAM overhead.
If your chip has hardware acceleration, using PSA with an accelerator driver can improve performance and code size and RAM usage for asymmetric cryptography (which is the part that uses the most RAM), compared to the legacy API.
Best regards,