diff --git a/esphome/components/esp32/__init__.py b/esphome/components/esp32/__init__.py
index f56cf0068c..9e2c141352 100644
--- a/esphome/components/esp32/__init__.py
+++ b/esphome/components/esp32/__init__.py
@@ -701,7 +701,7 @@ def require_full_certificate_bundle() -> None:
     """Request the full certificate bundle instead of the common-CAs-only bundle.
 
     By default, ESPHome uses CONFIG_MBEDTLS_CERTIFICATE_BUNDLE_DEFAULT_CMN which
-    includes only CAs with >1% market share (~35 KB smaller than full bundle).
+    includes only CAs with >1% market share (~51 KB smaller than full bundle).
     This covers ~99% of websites including Let's Encrypt, DigiCert, Google, Amazon.
 
     Call this from components that need to connect to services using uncommon CAs.
diff --git a/tests/components/esp32/test.esp32-idf.yaml b/tests/components/esp32/test.esp32-idf.yaml
index 0e220623a1..d38cdfe2fd 100644
--- a/tests/components/esp32/test.esp32-idf.yaml
+++ b/tests/components/esp32/test.esp32-idf.yaml
@@ -7,6 +7,7 @@ esp32:
       enable_lwip_mdns_queries: true
       enable_lwip_bridge_interface: true
       disable_libc_locks_in_iram: false  # Test explicit opt-out of RAM optimization
+      use_full_certificate_bundle: false  # Test CMN bundle (default)
 
 wifi:
   ssid: MySSID