diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index fdb27f65a..4b0c5f8bb 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -471,8 +471,8 @@ struct _ssl_transform
 
 #if defined(POLARSSL_SSL_PROTO_SSL3)
     /* Needed only for SSL v3.0 secret */
-    unsigned char mac_enc[32];          /*!<  SSL v3.0 secret (enc)   */
-    unsigned char mac_dec[32];          /*!<  SSL v3.0 secret (dec)   */
+    unsigned char mac_enc[48];          /*!<  SSL v3.0 secret (enc)   */
+    unsigned char mac_dec[48];          /*!<  SSL v3.0 secret (dec)   */
 #endif /* POLARSSL_SSL_PROTO_SSL3 */
 
     md_context_t md_ctx_enc;            /*!<  MAC (encryption)        */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c1e3d374f..a903b3e0d 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -941,6 +941,8 @@ static void ssl_mac( md_context_t *md_ctx, unsigned char *secret,
         padlen = 40;
     else if( md_type == POLARSSL_MD_SHA256 )
         padlen = 32;
+    else if( md_type == POLARSSL_MD_SHA384 )
+        padlen = 16;
 
     memcpy( header, ctr, 8 );
     header[ 8] = (unsigned char)  type;