diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index 32a4f2ab3..d0809fc1c 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -1507,9 +1507,42 @@ cleanup:
 int mbedtls_ssl_tls13_generate_resumption_master_secret(
     mbedtls_ssl_context *ssl )
 {
+    int ret = 0;
+
+    mbedtls_md_type_t md_type;
+
+    unsigned char transcript[MBEDTLS_MD_MAX_SIZE];
+    size_t transcript_len;
+
+    MBEDTLS_SSL_DEBUG_MSG( 2,
+          ( "=> mbedtls_ssl_tls13_generate_resumption_master_secret" ) );
+
+    md_type = ssl->handshake->ciphersuite_info->mac;
+
+    ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type,
+                                                transcript, sizeof( transcript ),
+                                                &transcript_len );
+    if( ret != 0 )
+        return( ret );
+
+    ret = mbedtls_ssl_tls13_derive_resumption_master_secret(
+                              mbedtls_psa_translate_md( md_type ),
+                              ssl->handshake->tls13_master_secrets.app,
+                              transcript, transcript_len,
+                              &ssl->session_negotiate->app_secrets );
+    if( ret != 0 )
+        return( ret );
+
     /* Erase master secrets */
     mbedtls_platform_zeroize( &ssl->handshake->tls13_master_secrets,
                               sizeof( ssl->handshake->tls13_master_secrets ) );
+
+    MBEDTLS_SSL_DEBUG_BUF( 4, "Resumption master secret",
+             ssl->session_negotiate->app_secrets.resumption_master_secret,
+             mbedtls_md_get_size( mbedtls_md_info_from_type( md_type ) ) );
+
+    MBEDTLS_SSL_DEBUG_MSG( 2,
+          ( "<= mbedtls_ssl_tls13_generate_resumption_master_secret" ) );
     return( 0 );
 }