diff --git a/src/internal.c b/src/internal.c
index be0059c2d..f4e41b92a 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -7230,6 +7230,10 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
         XMEMCPY(ssl->group, ctx->group, sizeof(*ctx->group) * ctx->numGroups);
         ssl->numGroups = ctx->numGroups;
     }
+
+    #ifdef WOLFSSL_TLS13_MIDDLEBOX_COMPAT
+        ssl->options.tls13MiddleBoxCompat = 1;
+    #endif
 #endif
 
 #ifdef HAVE_TLS_EXTENSIONS
diff --git a/src/tls13.c b/src/tls13.c
index a51185ebe..0262062a1 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -4249,9 +4249,6 @@ int SendTls13ClientHello(WOLFSSL* ssl)
     /* Version | Random | Cipher Suites | Compression */
     args->length = VERSION_SZ + RAN_LEN + suites->suiteSz +
             SUITE_LEN + COMP_LEN + ENUM_LEN;
-#if defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT)
-    ssl->options.tls13MiddleBoxCompat = 1;
-#endif
 #ifdef WOLFSSL_QUIC
     if (WOLFSSL_IS_QUIC(ssl)) {
         /* RFC 9001 ch. 8.4 sessionID in ClientHello MUST be 0 length */
diff --git a/tests/api.c b/tests/api.c
index 90f04764a..16642373c 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -34642,6 +34642,8 @@ static int test_wolfSSL_Tls12_Key_Logging_test(void)
     }
     /* a log starting with "CLIENT_RANDOM " should exit in the file */
     ExpectIntEQ(found, 1);
+    /* clean up */
+    ExpectIntEQ(rem_file("./MyKeyLog.txt"), 0);
 #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */
     return EXPECT_RESULT();
 }