diff --git a/ssl/ssl.enums.c b/ssl/ssl.enums.c
index feb8513..c4ac065 100644
--- a/ssl/ssl.enums.c
+++ b/ssl/ssl.enums.c
@@ -244,7 +244,7 @@ static int decode_HandshakeType_ClientHello(ssl_obj *ssl,
   SSL_DECODE_UINT16(ssl, "extensions len", 0, data, &exlen);
   if(exlen) {
     explain(ssl, "extensions\n");
-    while(data->len) {
+    while(data->len > 0) {
       SSL_DECODE_UINT16(ssl, "extension type", 0, data, &ex);
       if(!ja3_ex_str)
         ja3_ex_str = calloc(7, 1);
@@ -1714,6 +1714,7 @@ decoder extension_decoder[] = {
     {55, "external_id_hash", decode_extension},
     {56, "external_session_id", decode_extension},
     {13172, "next_protocol_negotiation", decode_extension},
+    {0xfe0d, "encrypted_client_hello", decode_extension},
     {0xff01, "renegotiation_info", decode_extension},
     {-1}};
 
diff --git a/ssl/ssldecode.c b/ssl/ssldecode.c
index 5e6a853..7960001 100644
--- a/ssl/ssldecode.c
+++ b/ssl/ssldecode.c
@@ -555,6 +555,7 @@ int ssl_restore_session(ssl_obj *ssl, ssl_decoder *d) {
     case TLSV1_VERSION:
     case TLSV11_VERSION:
     case TLSV12_VERSION:
+    case TLSV13_VERSION:
       if((r = ssl_generate_keying_material(ssl, d)))
         ABORT(r);
       break;
@@ -655,6 +656,7 @@ int ssl_process_client_key_exchange(ssl_obj *ssl,
     case TLSV1_VERSION:
     case TLSV11_VERSION:
     case TLSV12_VERSION:
+    case TLSV13_VERSION:
       if((r = ssl_generate_keying_material(ssl, d)))
         ABORT(r);
       break;