diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index 8f2f75048f7e9d..316a767767875b 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -1536,8 +1536,9 @@ static Local<Object> X509ToObject(Environment* env, X509* cert) {
                                     String::kNormalString, mem->length));
       (void) BIO_reset(bio);
 
-      BN_ULONG exponent_word = BN_get_word(rsa->e);
-      BIO_printf(bio, "0x%lx", exponent_word);
+      unsigned long exponent =  // NOLINT(runtime/int)
+        static_cast<unsigned long>(BN_get_word(rsa->e));  // NOLINT(runtime/int)
+      BIO_printf(bio, "0x%lx", exponent);
 
       BIO_get_mem_ptr(bio, &mem);
       info->Set(env->exponent_string(),
diff --git a/src/node_crypto_clienthello.cc b/src/node_crypto_clienthello.cc
index 8c862c1b6a5198..2ddf34a7cea1a8 100644
--- a/src/node_crypto_clienthello.cc
+++ b/src/node_crypto_clienthello.cc
@@ -2,6 +2,9 @@
 #include "node_crypto_clienthello-inl.h"
 #include "node_buffer.h"  // Buffer
 
+// FUTURE TODO export maximum TLS ticket size:
+static const size_t kTLSTicketSizeMask = 0xFFFF;
+
 namespace node {
 
 void ClientHelloParser::Parse(const uint8_t* data, size_t avail) {
@@ -146,7 +149,8 @@ void ClientHelloParser::ParseExtension(const uint16_t type,
       ocsp_request_ = 1;
       break;
     case kTLSSessionTicket:
-      tls_ticket_size_ = len;
+      // TBD POSSIBLE DATA LOSS:
+      tls_ticket_size_ = static_cast<uint16_t>(len & kTLSTicketSizeMask);
       tls_ticket_ = data + len;
       break;
     default: