TWSD-1375 Client auth with TLS1.3 issue

Review Request #1488 — Created April 16, 2026 and updated

peteryeh
APV10
rel_apv_10_7
TWSD-1375
kevin.poh, mingji, weikai, williamkuan

We cannot record the client cert in the current SSL module's memory due to the certificate size. So when doing TLSv1.3 resumption, the client cert information will be lost by the time the session is reused.

FIX:
To make sure the backend server receives the proper HTTP header, the SSL server will force TLSv1.3 connections with client cert auth (mTLS) to do a full handshake when reconnecting (not sending the session ticket). This also strengthens the security of APV.

Tested with OpenSSL s_client and tcpdump
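
The policy described above (no session tickets on TLS 1.3 listeners that require a client certificate), shown as an added example that is not part of this review request or the APV code. It uses Python's standard `ssl` module; the function names `make_server_context` and `resumable_mtls` are hypothetical, and certificate loading is left out so the block runs offline.

```python
import ssl


def make_server_context(require_client_cert: bool) -> ssl.SSLContext:
    """Build a TLS 1.3 server context; mTLS listeners never issue tickets."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    # A real listener would also call ctx.load_cert_chain(...) and, for mTLS,
    # ctx.load_verify_locations(...); omitted here so the example runs offline.
    if require_client_cert:
        ctx.verify_mode = ssl.CERT_REQUIRED
        # With zero tickets the server sends no NewSessionTicket after the
        # handshake, so a reconnecting client has nothing to resume with and
        # must present its certificate again in a full handshake.
        # Note: with OpenSSL, SSL_OP_NO_TICKET alone is not enough for
        # TLS 1.3, because it switches to stateful tickets instead of
        # disabling resumption.
        ctx.num_tickets = 0
    return ctx


def resumable_mtls(ctx: ssl.SSLContext) -> bool:
    """Audit check: True if a client-cert listener could still resume sessions."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.num_tickets > 0


if __name__ == "__main__":
    hardened = make_server_context(require_client_cert=True)
    print("mTLS listener, tickets:", hardened.num_tickets,
          "resumable:", resumable_mtls(hardened))

    # Constructed misconfiguration: client auth enabled after the fact,
    # tickets left at the library default.
    risky = make_server_context(require_client_cert=False)
    risky.verify_mode = ssl.CERT_REQUIRED
    print("misconfigured listener, tickets:", risky.num_tickets,
          "resumable:", resumable_mtls(risky))
```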
