diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 11eb4e38cab73..fb42c32affd17 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1357,6 +1357,8 @@ struct ssl_st {
     unsigned char handshake_traffic_hash[EVP_MAX_MD_SIZE];
     unsigned char client_app_traffic_secret[EVP_MAX_MD_SIZE];
     unsigned char server_app_traffic_secret[EVP_MAX_MD_SIZE];
+    unsigned char client_hand_traffic_secret[EVP_MAX_MD_SIZE];
+    unsigned char server_hand_traffic_secret[EVP_MAX_MD_SIZE];
     unsigned char exporter_master_secret[EVP_MAX_MD_SIZE];
     unsigned char early_exporter_master_secret[EVP_MAX_MD_SIZE];
     EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
diff --git a/ssl/ssl_quic.c b/ssl/ssl_quic.c
index 1dd29394a486b..c59f6c6f9478e 100644
--- a/ssl/ssl_quic.c
+++ b/ssl/ssl_quic.c
@@ -194,8 +194,8 @@ int quic_set_encryption_secrets(SSL *ssl, OSSL_ENCRYPTION_LEVEL level)
         s2c_secret = ssl->early_secret;
         break;
     case ssl_encryption_handshake:
-        c2s_secret = ssl->client_finished_secret;
-        s2c_secret = ssl->server_finished_secret;
+        c2s_secret = ssl->client_hand_traffic_secret;
+        s2c_secret = ssl->server_hand_traffic_secret;
         break;
     case ssl_encryption_application:
         c2s_secret = ssl->client_app_traffic_secret;
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 41a14f489f4bd..6b50bc9a52167 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -739,6 +739,10 @@ int tls13_change_cipher_state(SSL *s, int which)
         }
     } else if (label == client_application_traffic)
         memcpy(s->client_app_traffic_secret, secret, hashlen);
+    else if (label == client_handshake_traffic)
+        memcpy(s->client_hand_traffic_secret, secret, hashlen);
+    else if (label == server_handshake_traffic)
+        memcpy(s->server_hand_traffic_secret, secret, hashlen);
 
     if (!ssl_log_secret(s, log_label, secret, hashlen)) {
         /* SSLfatal() already called */