diff --git a/homeassistant/components/mqtt/client.py b/homeassistant/components/mqtt/client.py
index ec866169709..dfc88844bd6 100644
--- a/homeassistant/components/mqtt/client.py
+++ b/homeassistant/components/mqtt/client.py
@@ -329,7 +329,7 @@ class MqttClientSetup:
 certificate, certfile=client_cert, keyfile=client_key,
- tls_version=ssl.PROTOCOL_TLS,
+ tls_version=ssl.PROTOCOL_TLS_CLIENT,
 ) if tls_insecure is not None:
diff --git a/homeassistant/components/mqtt/config_flow.py b/homeassistant/components/mqtt/config_flow.py
index ff5ea22e7de..66424f2c3dc 100644
--- a/homeassistant/components/mqtt/config_flow.py
+++ b/homeassistant/components/mqtt/config_flow.py
@@ -4,7 +4,7 @@ from __future__ import annotations
 from collections import OrderedDict from collections.abc import Callable import queue
-from ssl import PROTOCOL_TLS, SSLContext, SSLError
+from ssl import PROTOCOL_TLS_CLIENT, SSLContext, SSLError
 from types import MappingProxyType from typing import Any
@@ -789,7 +789,7 @@ def check_certicate_chain() -> str | None:
 except (TypeError, ValueError): return "bad_client_key" # Check the certificate chain
- context = SSLContext(PROTOCOL_TLS)
+ context = SSLContext(PROTOCOL_TLS_CLIENT)
 if client_certificate and private_key: try: context.load_cert_chain(client_certificate, private_key)
diff --git a/homeassistant/util/ssl.py b/homeassistant/util/ssl.py
index ffeefe3d2c9..71c88ad8446 100644
--- a/homeassistant/util/ssl.py
+++ b/homeassistant/util/ssl.py
@@ -23,7 +23,7 @@ def server_context_modern() -> ssl.SSLContext:
 https://wiki.mozilla.org/Security/Server_Side_TLS Modern guidelines are followed. """
- context = ssl.SSLContext(ssl.PROTOCOL_TLS)
+ context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
 context.options |= ( ssl.OP_NO_SSLv2
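Review bot: The `if tls_insecure is not None:` branch right after the changed call now starts from different context defaults, and nothing visible in this commit exercises it. A context built with `ssl.PROTOCOL_TLS_CLIENT` has `check_hostname` enabled and `verify_mode` set to `CERT_REQUIRED`, whereas `ssl.PROTOCOL_TLS` enabled neither, and Python raises `ValueError` if verification is lowered to `CERT_NONE` while hostname checking is still on. Whether the MQTT library handles that ordering is outside this hunk, so the updated assertion in tests/components/mqtt/test_init.py, which checks only the protocol constant, would be worth extending with a `tls_insecure` case. I would also add a comment above the argument, `# PROTOCOL_TLS_CLIENT verifies the broker certificate and hostname by default`. The enclosing method starts and ends outside the hunk.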
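Review bot: The protocol floor in `server_context_modern` is still expressed through `OP_NO_*` flags in the `context.options |= (` expression directly below the changed line, and `server_context_intermediate` in the next hunk does the same. Those per-version flags are deprecated since Python 3.7 in favour of `SSLContext.minimum_version`, and `ssl.OP_NO_SSLv2` has no effect with current OpenSSL. In the intermediate hunk the visible flags stop at SSLv3, so unless TLS 1.0/1.1 are excluded on lines outside the hunk the floor depends on interpreter defaults. Setting it explicitly next to the new constructor, for example `context.minimum_version = ssl.TLSVersion.TLSv1_2`, would make the Mozilla profile each function names checkable from the code. Both option expressions continue past the end of their hunks.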
@@ -53,7 +53,7 @@ def server_context_intermediate() -> ssl.SSLContext:
 https://wiki.mozilla.org/Security/Server_Side_TLS Intermediate guidelines are followed. """
- context = ssl.SSLContext(ssl.PROTOCOL_TLS)
+ context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
 context.options |= ( ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_CIPHER_SERVER_PREFERENCE
diff --git a/tests/components/mqtt/test_init.py b/tests/components/mqtt/test_init.py
index 58b8279f836..8462e46318a 100644
--- a/tests/components/mqtt/test_init.py
+++ b/tests/components/mqtt/test_init.py
@@ -1879,7 +1879,7 @@ async def test_tls_version(
 await mqtt_mock_entry_with_yaml_config() assert calls
- assert calls[0][3] == ssl.PROTOCOL_TLS
+ assert calls[0][3] == ssl.PROTOCOL_TLS_CLIENT
 @pytest.mark.parametrize(