diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 4734eabd5..44a7bccf2 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -3573,14 +3573,6 @@ static int ssl_out_client_key_exchange_write( mbedtls_ssl_context *ssl,
             return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
         }
 
-        if( !uECC_shared_secret( ssl->handshake->ecdh_peerkey,
-                                 ssl->handshake->ecdh_privkey,
-                                 ssl->handshake->premaster,
-                                 uecc_curve ) )
-        {
-            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
-        }
-
         /* TODO: Write the client share. */
         ((void) p);
         ((void) end);
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index fb8fab655..37e83399a 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -4204,19 +4204,8 @@ static int ssl_in_client_key_exchange_parse( mbedtls_ssl_context *ssl,
         mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
         == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA )
     {
-        const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();
-
-        ret = mbedtls_ssl_ecdh_read_peerkey( ssl, &p, end );
-        if( ret != 0 )
-            return( ret );
-
-        if( !uECC_shared_secret( ssl->handshake->ecdh_peerkey,
-                                 ssl->handshake->ecdh_privkey,
-                                 ssl->handshake->premaster,
-                                 uecc_curve ) )
-        {
+        if( mbedtls_ssl_ecdh_read_peerkey( ssl, &p, end ) != 0 )
             return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
-        }
     }
     else
 #endif
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 3e9d717e3..da7285f9f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1701,6 +1701,26 @@ int mbedtls_ssl_build_pms( mbedtls_ssl_context *ssl )
     mbedtls_ssl_ciphersuite_handle_t ciphersuite_info =
         mbedtls_ssl_handshake_get_ciphersuite( ssl->handshake );
 
+#if defined(MBEDTLS_USE_TINYCRYPT)
+    if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
+        == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
+        mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
+        == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA )
+    {
+        const struct uECC_Curve_t * uecc_curve = uECC_secp256r1();
+
+        if( !uECC_shared_secret( ssl->handshake->ecdh_peerkey,
+                                 ssl->handshake->ecdh_privkey,
+                                 ssl->handshake->premaster,
+                                 uecc_curve ) )
+        {
+            return( MBEDTLS_ERR_SSL_HW_ACCEL_FAILED );
+        }
+
+        ssl->handshake->pmslen = NUM_ECC_BYTES;
+    }
+    else
+#endif
 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
     if( mbedtls_ssl_suite_get_key_exchange( ciphersuite_info )
         == MBEDTLS_KEY_EXCHANGE_DHE_RSA )