diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index c7d7b12e3d..184e2e1780 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -150,6 +150,7 @@
 #define SSL_TRUNC_HMAC_DISABLED 0
 #define SSL_TRUNC_HMAC_ENABLED 1
+#define SSL_TRUNCATED_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */
 /*
  * Size of the input / output buffer.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 4e7cac79b6..3da7c0b099 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -475,6 +475,14 @@ int ssl_derive_keys( ssl_context *ssl )
 }
 transform->maclen = md_get_size( md_info );
+
+ /*
+ * If HMAC is to be truncated, we shall keep the leftmost bytes,
+ * (rfc 6066 page 13 or rfc 2104 section 4),
+ * so we only need to adjust the length here.
+ */
+ if( session->trunc_hmac == SSL_TRUNC_HMAC_ENABLED )
+ transform->maclen = SSL_TRUNCATED_HMAC_LEN;
 }
 transform->keylen = cipher_info->key_length;
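Review bot: The new constant is named `SSL_TRUNCATED_HMAC_LEN` while the two neighbouring defines it belongs with use the `SSL_TRUNC_HMAC_` prefix, and since this is a public header the name is hard to change once released. Consider `#define SSL_TRUNC_HMAC_LEN 10 /* 80 bits, rfc 6066 section 7 */` so the three related macros share one prefix. The comment could also say that the value is fixed by the RFC for every hash, which is why it is a constant rather than derived from the negotiated MAC size.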
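Review bot: The truncation is applied whenever `session->trunc_hmac` is enabled, with no check that the negotiated protocol version supports it; truncated_hmac is a TLS extension (RFC 6066), and the comment's "keep the leftmost bytes" argument relies on RFC 2104 HMAC, which is not what SSL 3.0 uses for its MAC. If the handshake code, which is outside this hunk, can never set the flag for SSL 3.0, a comment stating that assumption would help; otherwise guard the assignment with a version check, e.g. `if( session->trunc_hmac == SSL_TRUNC_HMAC_ENABLED && ssl->minor_ver != SSL_MINOR_VERSION_0 )`. The comment should also make explicit that `session->trunc_hmac` must hold the result negotiated with the peer rather than the local preference, because a one-sided 10-byte MAC makes every record fail verification on the other end. The enclosing block starts before the hunk, so I assume `md_info` is a real hash here and `md_get_size( md_info )` always exceeds `SSL_TRUNCATED_HMAC_LEN`; that assumption is not asserted anywhere in the hunk.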