diff --git a/ssl/ssl_rec.c b/ssl/ssl_rec.c
index 89a5caa..2be3256 100644
--- a/ssl/ssl_rec.c
+++ b/ssl/ssl_rec.c
@@ -219,8 +219,13 @@ int ssl_decode_rec_data(ssl,d,ct,version,in,inl,out,outl)
 		      NULL,
 		      d->write_key->data,
 		      aead_nonce);
+
+      /*
+	 Then tag is always 16 bytes, as per:
+	 https://tools.ietf.org/html/rfc5116#section-5.2
+      */
       EVP_CIPHER_CTX_ctrl(d->evp,EVP_CTRL_GCM_SET_TAG,16,in+(inl-16));
-      inl-=d->cs->eff_bits/8;
+      inl-=16;
 
       fmt_seq(d->seq,aead_tag);
       d->seq++;
diff --git a/ssl/ssldecode.c b/ssl/ssldecode.c
index d3128cf..499680e 100644
--- a/ssl/ssldecode.c
+++ b/ssl/ssldecode.c
@@ -742,7 +742,8 @@ static int tls12_prf(ssl,secret,usage,rnd1,rnd2,out)
     memcpy(ptr,rnd2->data,rnd2->len); ptr+=rnd2->len;    
 
     /* Earlier versions of openssl didn't have SHA256 of course... */
-    dgi = MAX(DIG_SHA256, ssl->cs->dig)-0x40;
+    dgi = MAX(DIG_SHA256, ssl->cs->dig);
+    dgi-=0x40;
     if ((md=EVP_get_digestbyname(digests[dgi])) == NULL) {
         DBG((0,"Cannot get EVP for digest %s, openssl library current?",
                     digests[dgi]));
@@ -1086,7 +1087,7 @@ static int ssl_read_key_log_file(d)
 	  if(snprintf(label_data+(i*2),3,"%02x",d->client_random->data[i])!=2)
 	    ABORT(r);
 
-	if(strncmp(line+14,label_data,64))
+	if(STRNICMP(line+14,label_data,64))
 	  continue;
 
 	if(r=r_data_alloc(&d->MS,48))