diff --git a/src/internal.c b/src/internal.c
index 416a86c6b..c649bd33d 100755
--- a/src/internal.c
+++ b/src/internal.c
@@ -561,6 +561,7 @@ static int ExportKeyState(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
 keys = &(ssl->keys);
 if (DTLS_EXPORT_KEY_SZ > len) {
+ WOLFSSL_MSG("Buffer not large enough for max key struct size");
 return BUFFER_E;
 }
@@ -633,7 +634,8 @@ static int ExportKeyState(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
 XMEMCPY(exp + idx, keys->aead_enc_imp_IV, sz); idx += sz;
 XMEMCPY(exp + idx, keys->aead_dec_imp_IV, sz); idx += sz;
- if (idx > DTLS_EXPORT_KEY_SZ) {
+ /* DTLS_EXPORT_KEY_SZ is max value. idx size can vary */
+ if (idx > DTLS_EXPORT_KEY_SZ) {
 WOLFSSL_MSG("DTLS_EXPORT_KEY_SZ needs updated and export version");
 return DTLS_EXPORT_VER_E;
 }
@@ -657,6 +659,7 @@ static int ImportCipherSpecState(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
 specs= &(ssl->specs);
 if (DTLS_EXPORT_SPC_SZ > len) {
+ WOLFSSL_MSG("Buffer not large enough for max spec struct size");
 return BUFFER_E;
 }
@@ -905,7 +908,7 @@ static int dtls_export_load(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
 int idx = 0;
 Options* options = &ssl->options;
- if (ver != 1) {
+ if (ver != DTLS_EXPORT_VERSION) {
 WOLFSSL_MSG("Export version not supported");
 return BAD_FUNC_ARG;
 }
@@ -1017,7 +1020,7 @@ static int ExportPeerInfo(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
 word16 port = 0;
 char ip[DTLS_EXPORT_IP];
- if (ver != 1) {
+ if (ver != DTLS_EXPORT_VERSION) {
 WOLFSSL_MSG("Export version not supported");
 return BAD_FUNC_ARG;
 }
@@ -1058,7 +1061,7 @@ static int ImportPeerInfo(WOLFSSL* ssl, byte* buf, word32 len, byte ver)
 word16 port;
 char ip[DTLS_EXPORT_IP];
- if (ver != 1) {
+ if (ver != DTLS_EXPORT_VERSION) {
 WOLFSSL_MSG("Export version not supported");
 return BAD_FUNC_ARG;
 }
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 842ace428..ba2a6e89f 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
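Review bot: The `if (idx > DTLS_EXPORT_KEY_SZ)` check that the new comment annotates still runs after the two XMEMCPY calls above it, so when it fires the copies have already been made; the earlier `DTLS_EXPORT_KEY_SZ > len` guard only promises that `exp` holds the constant, not whatever `idx` actually reached. As written this is a detector for the serializer and the constant drifting apart, not a bound on the write, and the comment should say so: `/* sanity check: the copies above must fit DTLS_EXPORT_KEY_SZ; bump it and DTLS_EXPORT_VERSION together */`. If the intent is to protect the caller's buffer, the check belongs before each copy against the length actually supplied, e.g. `if (idx + sz > len) return BUFFER_E;` ahead of each XMEMCPY. ExportKeyState starts and continues outside the hunk, so I cannot see how `sz` is bounded.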
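Review bot: With DTLS_EXPORT_VERSION now 2, the `ver != DTLS_EXPORT_VERSION` gate in dtls_export_load rejects every blob produced by the previous layout, which is correct since the Keys sizes changed, but it reports that as `BAD_FUNC_ARG`, the same code a caller gets for a bad pointer, even though the diff already uses a dedicated `DTLS_EXPORT_VER_E` in ExportKeyState for a version mismatch. If no caller depends on BAD_FUNC_ARG here, `return DTLS_EXPORT_VER_E;` in this check and in the identical ones in ExportPeerInfo and ImportPeerInfo would let a caller tell "old serialized session" from "invalid argument", and a one-line comment such as `/* v1 blobs used a smaller Keys layout and cannot be read by this build */` would record why the constant moved. dtls_export_load's body continues outside the hunk.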
@@ -954,14 +954,14 @@ enum Misc {
 DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */
 DTLS_POOL_SZ = 5, /* buffers to hold in the retry pool */
 DTLS_EXPORT_PRO = 165,/* wolfSSL protocol for serialized session */
- DTLS_EXPORT_VERSION = 1, /* wolfSSL version for serialized session */
+ DTLS_EXPORT_VERSION = 2, /* wolfSSL version for serialized session */
 DTLS_EXPORT_OPT_SZ = 57, /* amount of bytes used from Options */
- DTLS_EXPORT_KEY_SZ = 331,/* max amount of bytes used from Keys */
- DTLS_EXPORT_MIN_KEY_SZ = 75, /* min amount of bytes used from Keys */
+ DTLS_EXPORT_KEY_SZ = 337,/* max amount of bytes used from Keys */
+ DTLS_EXPORT_MIN_KEY_SZ = 89, /* min amount of bytes used from Keys */
 DTLS_EXPORT_SPC_SZ = 16, /* amount of bytes used from CipherSpecs */
 DTLS_EXPORT_LEN = 2, /* 2 bytes for length and protocol */
 DTLS_EXPORT_IP = 46, /* max ip size IPv4 mapped IPv6 */
- MAX_EXPORT_BUFFER = 500, /* max size of buffer for exporting */
+ MAX_EXPORT_BUFFER = 514, /* max size of buffer for exporting */
 FINISHED_LABEL_SZ = 15, /* TLS finished label size */
 TLS_FINISHED_SZ = 12, /* TLS has a shorter size */
 EXT_MASTER_LABEL_SZ = 22, /* TLS extended master secret label sz */
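Review bot: The three bumped sizes are hand-maintained magic numbers whose relationship is not stated anywhere in the hunk: `DTLS_EXPORT_KEY_SZ` grows by 6, while `DTLS_EXPORT_MIN_KEY_SZ` and `MAX_EXPORT_BUFFER` each grow by 14, and nothing says how 514 is derived from `DTLS_EXPORT_OPT_SZ`, `DTLS_EXPORT_KEY_SZ`, `DTLS_EXPORT_SPC_SZ`, `DTLS_EXPORT_LEN` and `DTLS_EXPORT_IP`, so the next layout change has to rediscover it (the runtime `idx > DTLS_EXPORT_KEY_SZ` check in internal.c exists because these drift). I would either define `MAX_EXPORT_BUFFER` as an expression of the component constants, if that is what it is meant to cover, or add a comment next to it spelling out the sum it was computed from. The `DTLS_EXPORT_VERSION = 2` line also deserves a why-comment, e.g. `/* 2: Keys export layout grew; v1 blobs are rejected on load */`, so the reason for breaking compatibility with earlier serialized sessions is recorded at the constant. The enum Misc block continues past both ends of the hunk.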