diff --git a/src/enclave/tls_session.h b/src/enclave/tls_session.h
index 8242cf887022..58b502e66f1f 100644
--- a/src/enclave/tls_session.h
+++ b/src/enclave/tls_session.h
@@ -416,8 +416,7 @@ namespace ccf
         }
         else
         {
-          LOG_TRACE_FMT(
-            "TLS {} on flush: {}", session_id, tls::error_string(r));
+          LOG_TRACE_FMT("TLS session {} error on flush: {}", session_id, -r);
           stop(error);
         }
       }
diff --git a/src/tls/context.h b/src/tls/context.h
index 54fafcd0fa82..ad68bcb26250 100644
--- a/src/tls/context.h
+++ b/src/tls/context.h
@@ -60,6 +60,15 @@ namespace tls
       SSL_CTX_set1_curves_list(cfg, "P-521:P-384:P-256");
       SSL_set1_curves_list(ssl, "P-521:P-384:P-256");
 
+      // Allow buffer to be relocated between WANT_WRITE retries, and do partial
+      // writes if possible
+      SSL_CTX_set_mode(
+        cfg,
+        SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | SSL_MODE_ENABLE_PARTIAL_WRITE);
+      SSL_set_mode(
+        ssl,
+        SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER | SSL_MODE_ENABLE_PARTIAL_WRITE);
+
       // Initialise connection
       if (client)
         SSL_set_connect_state(ssl);