diff --git a/ChangeLog b/ChangeLog
index 3aa84e73c..8044ae57f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,7 +9,7 @@ Features
      Contributed by Jack Lloyd and Fortanix Inc.
    * Add the Wi-SUN Field Area Network (FAN) device extended key usage.
    * Add the oid certificate policy x509 extension.
-   * Extend the  MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,
+   * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,
      and the used tls-prf.
    * Add public API for tls-prf function, according to requested enum.
 
@@ -38,7 +38,7 @@ Bugfix
      sni entry parameter. Reported by inestlerode in #560.
 
 API Changes
-   * Extend the  MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,
+   * Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,
      and the used tls-prf.
    * Add public API for tls-prf function, according to requested enum.
 
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 9260fbf1a..62f2c5790 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -2011,11 +2011,11 @@ int main( int argc, char *argv[] )
         mbedtls_printf("\n");
 
         if( ( ret = mbedtls_ssl_tls_prf( eap_tls_keying.tls_prf_type, NULL, 0,
-                                          eap_tls_label,
-                                          eap_tls_keying.randbytes,
-                                          sizeof( eap_tls_keying.randbytes ),
-                                          eap_tls_iv,
-                                          sizeof( eap_tls_iv ) ) ) != 0 )
+                                         eap_tls_label,
+                                         eap_tls_keying.randbytes,
+                                         sizeof( eap_tls_keying.randbytes ),
+                                         eap_tls_iv,
+                                         sizeof( eap_tls_iv ) ) ) != 0 )
          {
              mbedtls_printf( " failed\n  ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
                              -ret );
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 0b2350236..807f880f8 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -3212,11 +3212,11 @@ handshake:
         mbedtls_printf("\n");
 
         if( ( ret = mbedtls_ssl_tls_prf( eap_tls_keying.tls_prf_type, NULL, 0,
-                                          eap_tls_label,
-                                          eap_tls_keying.randbytes,
-                                          sizeof( eap_tls_keying.randbytes ),
-                                          eap_tls_iv,
-                                          sizeof( eap_tls_iv ) ) ) != 0 )
+                                         eap_tls_label,
+                                         eap_tls_keying.randbytes,
+                                         sizeof( eap_tls_keying.randbytes ),
+                                         eap_tls_iv,
+                                         sizeof( eap_tls_iv ) ) ) != 0 )
          {
              mbedtls_printf( " failed\n  ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
                              -ret );