diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 330d017ed..22d28c959 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2551,9 +2551,13 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl,
 static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
 {
 int ret;
- const mbedtls_ecp_keypair *peer_key;
 mbedtls_pk_context * peer_pk;
+ /* Acquire peer's PK context: In case we store peer's entire
+ * certificate, we extract the context from it. Otherwise,
+ * we can use a temporary copy we've made for the purpose of
+ * signature verification. */
+
 #if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
 peer_pk = &ssl->handshake->peer_pubkey;
 #else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
@@ -2580,20 +2584,34 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
 goto cleanup;
 }
- peer_key = mbedtls_pk_ec( *peer_pk );
+ /* Extract ECDH parameters from peer's PK context. */
- if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx, peer_key,
- MBEDTLS_ECDH_THEIRS ) ) != 0 )
 {
- MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_get_params" ), ret );
- goto cleanup;
- }
+#if defined(MBEDTLS_USE_TINYCRYPT)
+ mbedtls_uecc_keypair *peer_key =
+ mbedtls_pk_uecc( *peer_pk );
- if( ssl_check_server_ecdh_params( ssl ) != 0 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server certificate (ECDH curve)" ) );
- ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
- goto cleanup;
+ memcpy( ssl->handshake->ecdh_peerkey,
+ peer_key->public_key,
+ sizeof( ssl->handshake->ecdh_peerkey ) );
+#else /* MBEDTLS_USE_TINYCRYPT */
+ const mbedtls_ecp_keypair *peer_key;
+ peer_key = mbedtls_pk_ec( *peer_pk );
+
+ if( ( ret = mbedtls_ecdh_get_params( &ssl->handshake->ecdh_ctx, peer_key,
+ MBEDTLS_ECDH_THEIRS ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_get_params" ), ret );
+ goto cleanup;
+ }
+
+ if( ssl_check_server_ecdh_params( ssl ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server certificate (ECDH curve)" ) );
+ ret = MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE;
+ goto cleanup;
+ }
+#endif /* MBEDTLS_USE_TINYCRYPT */
 }
 cleanup:
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 6d2d82fbd..ecbfc852f 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
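Review bot: In library/ssl_cli.c, the TinyCrypt branch copies `peer_key->public_key` into `ssl->handshake->ecdh_peerkey` with no check of its own, while the `#else` branch still runs `mbedtls_ecdh_get_params()` and `ssl_check_server_ecdh_params()` before accepting the server's static ECDH key. If the TinyCrypt certificate parser does not already validate the point (not visible in this diff), a `uECC_valid_public_key()` check belongs before the `memcpy`, because a static-ECDH peer key that is not a valid curve point should be rejected before it reaches the shared-secret computation. The branch also never assigns `ret`, which the first hunk shows declared as plain `int ret;`, so on the `!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE` path the value reaching `cleanup:` may be indeterminate unless code outside the hunk sets it; adding `ret = 0;` after the `memcpy` would make the success path explicit. The function body starts and ends outside this hunk.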
@@ -3198,6 +3198,26 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+
+#if defined(MBEDTLS_USE_TINYCRYPT)
+static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
+{
+ mbedtls_uecc_keypair *own_key =
+ mbedtls_pk_uecc( *mbedtls_ssl_own_key( ssl ) );
+
+ if( ! mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECKEY ) )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) );
+ return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
+ }
+
+ memcpy( ssl->handshake->ecdh_privkey,
+ own_key->private_key,
+ sizeof( ssl->handshake->ecdh_privkey ) );
+
+ return( 0 );
+}
+#else /* MBEDTLS_USE_TINYCRYPT */
 static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
 {
 int ret;
@@ -3218,6 +3238,7 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
 return( 0 );
 }
+#endif /* MBEDTLS_USE_TINYCRYPT */
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
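Review bot: In the new TinyCrypt `ssl_get_ecdh_params_from_cert()`, the initializer `mbedtls_pk_uecc( *mbedtls_ssl_own_key( ssl ) )` dereferences and casts the own-key context before `mbedtls_pk_can_do()` has confirmed it is an EC key, so a missing or non-EC server key is touched before the guard can reject it. Declare `mbedtls_uecc_keypair *own_key;` without an initializer and assign `own_key = mbedtls_pk_uecc( *mbedtls_ssl_own_key( ssl ) );` only after the `MBEDTLS_PK_ECKEY` check has passed. The `memcpy` also places a copy of the long-term private key in `ssl->handshake->ecdh_privkey`; a comment there should state where that buffer is zeroized (handshake teardown is presumably the place, but it is not visible in this diff).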