diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index a9bcd01f3..a33cfb5ad 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -482,14 +482,17 @@ static int eap_tls_key_derivation ( void *p_expkey,
     eap_tls_keys *keys = (eap_tls_keys *)p_expkey;
 
     ( ( void ) kb );
-    ( ( void ) maclen );
-    ( ( void ) keylen );
-    ( ( void ) ivlen );
     memcpy( keys->master_secret, ms, sizeof( keys->master_secret ) );
     memcpy( keys->randbytes, client_random, 32 );
     memcpy( keys->randbytes + 32, server_random, 32 );
     keys->tls_prf_type = tls_prf_type;
 
+    if( opt.debug_level > 2 )
+    {
+        mbedtls_printf("exported maclen is %zu\n",maclen);
+        mbedtls_printf("exported keylen is %zu\n",keylen);
+        mbedtls_printf("exported ivlen is %zu\n",ivlen);
+    }
     return( 0 );
 }
 #endif
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 363b2dc2d..d246988bf 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -598,14 +598,17 @@ static int eap_tls_key_derivation ( void *p_expkey,
     eap_tls_keys *keys = (eap_tls_keys *)p_expkey;
 
     ( ( void ) kb );
-    ( ( void ) maclen );
-    ( ( void ) keylen );
-    ( ( void ) ivlen );
     memcpy( keys->master_secret, ms, sizeof( keys->master_secret ) );
     memcpy( keys->randbytes, client_random, 32 );
     memcpy( keys->randbytes + 32, server_random, 32 );
     keys->tls_prf_type = tls_prf_type;
 
+    if( opt.debug_level > 2 )
+    {
+        mbedtls_printf("exported maclen is %zu\n",maclen);
+        mbedtls_printf("exported keylen is %zu\n",keylen);
+        mbedtls_printf("exported ivlen is %zu\n",ivlen);
+    }
     return( 0 );
 }
 #endif
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 08d4be308..cef87bceb 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -7939,6 +7939,18 @@ run_test    "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \
             -s "Extra-header:" \
             -c "Extra-header:"
 
+requires_config_enabled MBEDTLS_SSL_EXPORT_KEYS
+run_test    "export keys functionality" \
+            "$P_SRV eap_tls=1 debug_level=3" \
+            "$P_CLI eap_tls=1 debug_level=3" \
+            0 \
+            -s "exported maclen is " \
+            -s "exported keylen is " \
+            -s "exported ivlen is "  \
+            -c "exported maclen is " \
+            -c "exported keylen is " \
+            -c "exported ivlen is "
+
 # Final report
 
 echo "------------------------------------------------------------------------"