diff --git a/ChangeLog b/ChangeLog
index 7b14ce8c4b..f3b9de1a38 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -18,6 +18,8 @@ Bugfix
    * cert_write app should use subject of issuer certificate as issuer of cert
    * Fix false reject in padding check in ssl_decrypt_buf() for CBC
      ciphersuites, for full SSL frames of data.
+   * Improve interoperability by not writing extension length in ClientHello /
+     ServerHello when no extensions are present (found by Matthew Page)
 
 = PolarSSL 1.3.6 released on 2014-04-11
 
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 0a69f4d374..cd0d8c2a7f 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -651,9 +651,12 @@ static int ssl_write_client_hello( ssl_context *ssl )
     SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d",
                    ext_len ) );
 
-    *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( ext_len      ) & 0xFF );
-    p += ext_len;
+    if( ext_len > 0 )
+    {
+        *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
+        *p++ = (unsigned char)( ( ext_len      ) & 0xFF );
+        p += ext_len;
+    }
 
     ssl->out_msglen  = p - buf;
     ssl->out_msgtype = SSL_MSG_HANDSHAKE;
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index dee6cd8ab4..acf2ef24cd 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1921,9 +1921,12 @@ static int ssl_write_server_hello( ssl_context *ssl )
 
     SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", ext_len ) );
 
-    *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
-    *p++ = (unsigned char)( ( ext_len      ) & 0xFF );
-    p += ext_len;
+    if( ext_len > 0 )
+    {
+        *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
+        *p++ = (unsigned char)( ( ext_len      ) & 0xFF );
+        p += ext_len;
+    }
 
     ssl->out_msglen  = p - buf;
     ssl->out_msgtype = SSL_MSG_HANDSHAKE;