diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c
index b6a9bf473..77d51d5c0 100644
--- a/library/psa_crypto_ffdh.c
+++ b/library/psa_crypto_ffdh.c
@@ -232,10 +232,10 @@ psa_status_t mbedtls_psa_ffdh_generate_key(
 if (status == PSA_SUCCESS) {
 /* RFC7919: Traditional finite field Diffie-Hellman has each peer choose their secret exponent from the range [2, P-2].
- Select random value in range [4, P] and decrease it by 2. */
- MBEDTLS_MPI_CHK(mbedtls_mpi_random(&X, 4, &P, mbedtls_psa_get_random,
+ Select random value in range [3, P-1] and decrease it by 1. */
+ MBEDTLS_MPI_CHK(mbedtls_mpi_random(&X, 3, &P, mbedtls_psa_get_random,
 MBEDTLS_PSA_RANDOM_STATE));
- MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&X, &X, 2));
+ MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&X, &X, 1));
 *key_buffer_length = mbedtls_mpi_size(&X);