2 files changed, 6 insertions, 2 deletions

diff --git a/src/tls/tls_handshake_hash.cpp b/src/tls/tls_handshake_hash.cpp
index 61295a95c..d0c74136b 100644
--- a/src/tls/tls_handshake_hash.cpp
+++ b/src/tls/tls_handshake_hash.cpp
@@ -43,7 +43,7 @@ SecureVector<byte> Handshake_Hash::final(Protocol_Version version,
       }
    else if(version == Protocol_Version::TLS_V12)
       {
-      if(mac_algo == "SHA-1" || mac_algo == "SHA-256")
+      if(mac_algo == "MD5" || mac_algo == "SHA-1" || mac_algo == "SHA-256")
          hash.reset(af.make_hash_function("SHA-256"));
       else
          hash.reset(af.make_hash_function(mac_algo));
diff --git a/src/tls/tls_handshake_state.cpp b/src/tls/tls_handshake_state.cpp
index 6ddd8d346..48d9abbeb 100644
--- a/src/tls/tls_handshake_state.cpp
+++ b/src/tls/tls_handshake_state.cpp
@@ -163,8 +163,12 @@ KDF* Handshake_State::protocol_specific_prf()
       }
    else if(version() == Protocol_Version::TLS_V12)
       {
-      if(suite.mac_algo() == "SHA-1" || suite.mac_algo() == "SHA-256")
+      if(suite.mac_algo() == "MD5" ||
+         suite.mac_algo() == "SHA-1" ||
+         suite.mac_algo() == "SHA-256")
+         {
          return get_kdf("TLS-12-PRF(SHA-256)");
+         }
 
       return get_kdf("TLS-12-PRF(" + suite.mac_algo() + ")");
       }