Client cert authentication and TLS1.3

Good day.

I want to implement client certificate authentication with TLS1.3. The client's certificate is located on PKI card and requires PIN input.

When I configure a specific cipher_groups , leave Options list by default (empty) in client SSL profile, I receive "ssl no common encryption algorithm" error with TLS1.3 enabled.

When I add "no TLS1.3" option in option list, the site requests me certificate, I choose a specific cert, enter PIN and then site opens successfully. I see TLS1.2 in security tab.

When I remove "no TLS1.3" option in option list, the site requests certificate, I choose a specific cert, but I don't get a PIN prompt. Browser doesn't send a certificate and receive an "ssl no common encryption algorithm" error.

What should I do to make TLS1.3 work with client cert authentication? May Bug ID 878641 impact on my situation?

I tried on different browsers, the problem is common for all of them.

Thank you.