diff --git a/openssl-sys/src/libressl.rs b/openssl-sys/src/libressl.rs
index 83c5aee6..2c747ffe 100644
--- a/openssl-sys/src/libressl.rs
+++ b/openssl-sys/src/libressl.rs
@@ -361,8 +361,8 @@ pub struct SSL_CTX {
 #[repr(C)]
 pub struct SSL_SESSION {
     ssl_version: c_int,
-    master_key_length: c_int,
-    master_key: [c_uchar; SSL_MAX_MASTER_KEY_LENGTH as usize],
+    pub master_key_length: c_int,
+    pub master_key: [c_uchar; 48],
     session_id_length: c_uint,
     session_id: [c_uchar; SSL_MAX_SSL_SESSION_ID_LENGTH as usize],
     sid_ctx_length: c_uint,
diff --git a/openssl-sys/src/ossl10x.rs b/openssl-sys/src/ossl10x.rs
index 5b0ca3d5..4d37d2a1 100644
--- a/openssl-sys/src/ossl10x.rs
+++ b/openssl-sys/src/ossl10x.rs
@@ -420,8 +420,8 @@ pub struct SSL_SESSION {
     ssl_version: c_int,
     key_arg_length: c_uint,
     key_arg: [c_uchar; SSL_MAX_KEY_ARG_LENGTH as usize],
-    master_key_length: c_uint,
-    master_key: [c_uchar; SSL_MAX_MASTER_KEY_LENGTH as usize],
+    pub master_key_length: c_int,
+    pub master_key: [c_uchar; 48],
     session_id_length: c_uint,
     session_id: [c_uchar; SSL_MAX_SSL_SESSION_ID_LENGTH as usize],
     sid_ctx_length: c_uint,
@@ -429,7 +429,7 @@ pub struct SSL_SESSION {
     #[cfg(not(osslconf = "OPENSSL_NO_KRB5"))]
     krb5_client_princ_len: c_uint,
     #[cfg(not(osslconf = "OPENSSL_NO_KRB5"))]
-    krb5_client_princ: [c_uchar; SSL_MAX_KRB5_PRINCIPAL_LENGTH],
+    krb5_client_princ: [c_uchar; SSL_MAX_KRB5_PRINCIPAL_LENGTH as usize],
     #[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
     psk_identity_hint: *mut c_char,
     #[cfg(not(osslconf = "OPENSSL_NO_PSK"))]
diff --git a/openssl-sys/src/ossl110.rs b/openssl-sys/src/ossl110.rs
index 9a5d287b..898ad4a2 100644
--- a/openssl-sys/src/ossl110.rs
+++ b/openssl-sys/src/ossl110.rs
@@ -1,4 +1,4 @@
-use libc::{c_int, c_void, c_char, c_uchar, c_ulong, c_long, c_uint};
+use libc::{c_int, c_void, c_char, c_uchar, c_ulong, c_long, c_uint, size_t};
 
 pub enum BIGNUM {}
 pub enum BIO {}
@@ -156,6 +156,10 @@ extern {
                                    -> c_int;
     pub fn X509_up_ref(x: *mut X509) -> c_int;
     pub fn SSL_CTX_up_ref(x: *mut SSL_CTX) -> c_int;
+    pub fn SSL_SESSION_get_master_key(session: *const SSL_SESSION,
+                                      out: *mut c_uchar,
+                                      outlen: size_t)
+                                      -> size_t;
     pub fn X509_get0_extensions(req: *const ::X509) -> *const stack_st_X509_EXTENSION;
     pub fn X509_STORE_CTX_get0_chain(ctx: *mut ::X509_STORE_CTX) -> *mut stack_st_X509;
     pub fn EVP_MD_CTX_new() -> *mut EVP_MD_CTX;
diff --git a/openssl/src/ssl/mod.rs b/openssl/src/ssl/mod.rs
index ce9d65ef..6d49f2b1 100644
--- a/openssl/src/ssl/mod.rs
+++ b/openssl/src/ssl/mod.rs
@@ -1040,6 +1040,18 @@ impl SslSessionRef {
             slice::from_raw_parts(p as *const u8, len as usize)
         }
     }
+
+    /// Returns the length of the master key.
+    pub fn master_key_len(&self) -> usize {
+        unsafe { compat::SSL_SESSION_get_master_key(self.as_ptr(), ptr::null_mut(), 0) }
+    }
+
+    /// Copies the master key into the provided buffer.
+    ///
+    /// Returns the number of bytes written.
+    pub fn master_key(&self, buf: &mut [u8]) -> usize {
+        unsafe { compat::SSL_SESSION_get_master_key(self.as_ptr(), buf.as_mut_ptr(), buf.len()) }
+    }
 }
 
 type_!(Ssl, SslRef, ffi::SSL, ffi::SSL_free);
@@ -1728,6 +1740,7 @@ mod compat {
 
     pub use ffi::{SSL_CTX_get_options, SSL_CTX_set_options};
     pub use ffi::{SSL_CTX_clear_options, SSL_CTX_up_ref};
+    pub use ffi::SSL_SESSION_get_master_key;
 
     pub unsafe fn get_new_idx(f: ffi::CRYPTO_EX_free) -> c_int {
         ffi::CRYPTO_get_ex_new_index(ffi::CRYPTO_EX_INDEX_SSL_CTX,
@@ -1762,7 +1775,7 @@ mod compat {
     use std::ptr;
 
     use ffi;
-    use libc::{self, c_long, c_ulong, c_int};
+    use libc::{self, c_long, c_ulong, c_int, size_t, c_uchar};
 
     pub unsafe fn SSL_CTX_get_options(ctx: *const ffi::SSL_CTX) -> c_ulong {
         ffi::SSL_CTX_ctrl(ctx as *mut _, ffi::SSL_CTRL_OPTIONS, 0, ptr::null_mut()) as c_ulong
@@ -1799,6 +1812,19 @@ mod compat {
         0
     }
 
+    pub unsafe fn SSL_SESSION_get_master_key(session: *const ffi::SSL_SESSION,
+                                             out: *mut c_uchar,
+                                             mut outlen: size_t) -> size_t {
+        if outlen == 0 {
+            return (*session).master_key_length as size_t;
+        }
+        if outlen > (*session).master_key_length as size_t {
+            outlen = (*session).master_key_length as size_t;
+        }
+        ptr::copy_nonoverlapping((*session).master_key.as_ptr(), out, outlen);
+        outlen
+    }
+
     pub fn tls_method() -> *const ffi::SSL_METHOD {
         unsafe { ffi::SSLv23_method() }
     }
diff --git a/openssl/src/ssl/tests/mod.rs b/openssl/src/ssl/tests/mod.rs
index 744b2688..14bb2f71 100644
--- a/openssl/src/ssl/tests/mod.rs
+++ b/openssl/src/ssl/tests/mod.rs
@@ -1385,7 +1385,15 @@ fn active_session() {
 
     let s = TcpStream::connect("google.com:443").unwrap();
     let socket = connector.connect("google.com", s).unwrap();
-    assert!(socket.ssl().session().is_some());
+    let session = socket.ssl().session().unwrap();
+    let len = session.master_key_len();
+    let mut buf = vec![0; len - 1];
+    let copied = session.master_key(&mut buf);
+    assert_eq!(copied, buf.len());
+    let mut buf = vec![0; len + 1];
+    let copied = session.master_key(&mut buf);
+    assert_eq!(copied, len);
+
 }
 
 fn _check_kinds() {