diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index d2e3878..cd5c7ad 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2458,7 +2458,7 @@
  *            it, and considering stronger message digests instead.
  *
  */
-//#define MBEDTLS_MD4_C
+#define MBEDTLS_MD4_C
 
 /**
  * \def MBEDTLS_MD5_C
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index e8b973c..ad363c9 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -904,7 +904,6 @@ struct mbedtls_ssl_config
     void *p_export_keys;            /*!< context for key export callback    */
 #if defined(MBEDTLS_EAP_TLS_EXPORT_KEYS)
     mbedtls_tls_key_t export_key_type;
-    unsigned char eap_tls_keyblk[128];
 #endif
 #endif
 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 4525d6e..5fbee68 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -619,7 +619,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
     unsigned char tmp[64];
     unsigned char keyblk[256];
 #if defined(MBEDTLS_EAP_TLS_EXPORT_KEYS)
-    unsigned char eap_tls_keyblk[128];
+    unsigned char eap_tls_keyblk[192];
 #endif
     unsigned char *key1;
     unsigned char *key2;
@@ -780,6 +780,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
             MBEDTLS_SSL_DEBUG_RET( 1, "eap_tls_prf", ret );
             return( ret );
         }
+        memcpy( eap_tls_keyblk + 128, handshake->randbytes, 64 );
     }
 #endif
 
@@ -1047,7 +1048,7 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
         if ( ssl->conf->export_key_type == EAP_TLS_KEY )
             ssl->conf->f_export_keys( ssl->conf->p_export_keys,
                                   session->master, eap_tls_keyblk,
-                                  0, 128, 0 );
+                                  0, 128, 64 );
         else
 #endif /* MBEDTLS_EAP_TLS_EXPORT_KEYS */
         ssl->conf->f_export_keys( ssl->conf->p_export_keys,