diff --git a/src/tls_cache.c b/src/tls_cache.c
index 5fc874f..428a59e 100644
--- a/src/tls_cache.c
+++ b/src/tls_cache.c
@@ -231,6 +231,10 @@ static rustls_result tls_cache_get(
     unsigned int vlen, klen;
     const unsigned char *kdata;
 
+    if (key->len > UINT_MAX || key->len > SSIZE_MAX) {
+        return RUSTLS_RESULT_INVALID_PARAMETER;
+    }
+
     if (!sc->global->session_cache) goto not_found;
     tls_cache_lock(sc->global);
 
@@ -241,7 +245,7 @@ static rustls_result tls_cache_get(
         sc->global->session_cache, cc->server, kdata, klen, buf, &vlen, c->pool);
 
     if (APLOGctrace4(c)) {
-        apr_ssize_t n = klen;
+        apr_ssize_t n = (apr_ssize_t) klen;
         ap_log_cerror(APLOG_MARK, APLOG_TRACE4, rv, c, "retrieve key %d[%8x], found %d val",
             klen, apr_hashfunc_default((const char*)kdata, &n), vlen);
     }