diff --git a/cyassl/ssl.h b/cyassl/ssl.h
index 6cbfc6f01..fc118b419 100644
--- a/cyassl/ssl.h
+++ b/cyassl/ssl.h
@@ -1007,6 +1007,7 @@ CYASSL_API const unsigned char* CyaSSL_GetClientWriteIV(CYASSL*);
 CYASSL_API const unsigned char* CyaSSL_GetServerWriteKey(CYASSL*);
 CYASSL_API const unsigned char* CyaSSL_GetServerWriteIV(CYASSL*);
 CYASSL_API int                  CyaSSL_GetKeySize(CYASSL*);
+CYASSL_API int                  CyaSSL_GetIVSize(CYASSL*);
 CYASSL_API int                  CyaSSL_GetSide(CYASSL*);
 CYASSL_API int                  CyaSSL_IsTLSv1_1(CYASSL*);
 CYASSL_API int                  CyaSSL_GetBulkCipher(CYASSL*);
diff --git a/src/ssl.c b/src/ssl.c
index e2ca23d6a..c7f5b255f 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -910,6 +910,15 @@ int CyaSSL_GetKeySize(CYASSL* ssl)
 }
 
 
+int CyaSSL_GetIVSize(CYASSL* ssl)
+{
+    if (ssl)
+        return ssl->specs.iv_size;
+
+    return BAD_FUNC_ARG;
+}
+
+
 int CyaSSL_GetBulkCipher(CYASSL* ssl)
 {
     if (ssl)
@@ -976,8 +985,9 @@ int CyaSSL_GetSide(CYASSL* ssl)
 
 int CyaSSL_GetHmacSize(CYASSL* ssl)
 {
+    /* AEAD ciphers don't have HMAC keys */
     if (ssl)
-        return ssl->specs.hash_size;
+        return (ssl->specs.cipher_type != aead) ? ssl->specs.hash_size : 0;
 
     return BAD_FUNC_ARG;
 }