diff --git a/src/ssl.c b/src/ssl.c
index 147fc4d52..60fb21260 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -19953,6 +19953,9 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
 
         WOLFSSL_ENTER("wolfSSL_DES_ede3_cbc_encrypt");
 
+        if (sz <= 0)
+            return;
+
         XMEMSET(key, 0, sizeof(key));
         XMEMCPY(key, *ks1, DES_BLOCK_SIZE);
         XMEMCPY(&key[DES_BLOCK_SIZE], *ks2, DES_BLOCK_SIZE);
@@ -19980,12 +19983,20 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
                     ret = wc_AsyncWait(ret, &des.asyncDev, WC_ASYNC_FLAG_NONE);
                 #endif
                     (void)ret; /* ignore return codes for processing */
+                    XMEMCPY(ivec, output+blk*DES_BLOCK_SIZE, DES_BLOCK_SIZE);
+                }
+                else {
+                    XMEMCPY(ivec, output+(blk-1)*DES_BLOCK_SIZE, DES_BLOCK_SIZE);
                 }
             }
         }
         else {
             if (wc_Des3_SetKey(&des, key, (const byte*)ivec,
                     DES_DECRYPTION) == 0) {
+                if(lb_sz)
+                    XMEMCPY(ivec, input+sz-lb_sz, DES_BLOCK_SIZE);
+                else
+                    XMEMCPY(ivec, input+(blk-1)*DES_BLOCK_SIZE, DES_BLOCK_SIZE);
                 ret = wc_Des3_CbcDecrypt(&des, output, input, (word32)blk*DES_BLOCK_SIZE);
             #if defined(WOLFSSL_ASYNC_CRYPT)
                 ret = wc_AsyncWait(ret, &des.asyncDev, WC_ASYNC_FLAG_NONE);
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 9f432d939..0067cf5e5 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -7430,6 +7430,9 @@ WOLFSSL_TEST_SUBROUTINE int des3_test(void)
     };
 
     int ret;
+#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
+    size_t i;
+#endif
 
 
     ret = wc_Des3Init(&enc, HEAP_HINT, devId);
@@ -7466,24 +7469,36 @@ WOLFSSL_TEST_SUBROUTINE int des3_test(void)
 
 #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
     /* test the same vectors with using compatibility layer */
-    {
+    for (i = 0; i < sizeof(vector); i += DES_BLOCK_SIZE){
         DES_key_schedule ks1;
         DES_key_schedule ks2;
         DES_key_schedule ks3;
         DES_cblock iv4;
+        byte tmp[sizeof(vector)];
 
         XMEMCPY(ks1, key3, sizeof(DES_key_schedule));
         XMEMCPY(ks2, key3 + 8, sizeof(DES_key_schedule));
         XMEMCPY(ks3, key3 + 16, sizeof(DES_key_schedule));
-        XMEMCPY(iv4, iv3, sizeof(DES_cblock));
 
         XMEMSET(plain, 0, sizeof(plain));
         XMEMSET(cipher, 0, sizeof(cipher));
 
-        DES_ede3_cbc_encrypt(vector, cipher, sizeof(vector), &ks1, &ks2, &ks3,
+        /* Test in-place encrypt/decrypt */
+        XMEMCPY(tmp, vector, sizeof(vector));
+
+        /* Use i as the splitter */
+        XMEMCPY(iv4, iv3, sizeof(DES_cblock));
+        DES_ede3_cbc_encrypt(tmp, tmp, (long)i, &ks1, &ks2, &ks3,
                 &iv4, DES_ENCRYPT);
-        DES_ede3_cbc_encrypt(cipher, plain, sizeof(cipher), &ks1, &ks2, &ks3,
+        DES_ede3_cbc_encrypt(tmp + i, tmp + i, (long)(sizeof(vector) - i),
+                &ks1, &ks2, &ks3, &iv4, DES_ENCRYPT);
+        XMEMCPY(cipher, tmp, sizeof(cipher));
+        XMEMCPY(iv4, iv3, sizeof(DES_cblock));
+        DES_ede3_cbc_encrypt(tmp, tmp, (long)i, &ks1, &ks2, &ks3,
                 &iv4, DES_DECRYPT);
+        DES_ede3_cbc_encrypt(tmp + i, tmp + i, (long)(sizeof(cipher) - i),
+                &ks1, &ks2, &ks3, &iv4, DES_DECRYPT);
+        XMEMCPY(plain, tmp, sizeof(plain));
 
         if (XMEMCMP(plain, vector, sizeof(plain)))
             return WC_TEST_RET_ENC_NC;