diff --git a/crypto/kdf/tls1_prf.c b/crypto/kdf/tls1_prf.c
index 374c6e49ec60af95bd2da01cbb47b63e793ac22f..1302eb0927dd3024235022caeb8339e65fc17cd5 100644
--- a/crypto/kdf/tls1_prf.c
+++ b/crypto/kdf/tls1_prf.c
@@ -138,6 +138,31 @@ static int pkey_tls1_prf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
     }
 }
 
+static int pkey_tls1_prf_ctrl_str(EVP_PKEY_CTX *ctx,
+                                  const char *type, const char *value)
+{
+    if (value == NULL)
+        return 0;
+    if (strcmp(type, "md") == 0) {
+        TLS1_PRF_PKEY_CTX *kctx = ctx->data;
+
+        const EVP_MD *md = EVP_get_digestbyname(value);
+        if (md == NULL)
+            return 0;
+        kctx->md = md;
+        return 1;
+    }
+    if (strcmp(type, "secret") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SECRET, value);
+    if (strcmp(type, "hexsecret") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SECRET, value);
+    if (strcmp(type, "seed") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value);
+    if (strcmp(type, "hexseed") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value);
+    return -2;
+}
+
 static int pkey_tls1_prf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
                                 size_t *keylen)
 {
@@ -176,7 +201,7 @@ const EVP_PKEY_METHOD tls1_prf_pkey_meth = {
     0,
     pkey_tls1_prf_derive,
     pkey_tls1_prf_ctrl,
-    0
+    pkey_tls1_prf_ctrl_str
 };
 
 static int tls1_prf_P_hash(const EVP_MD *md,
diff --git a/doc/crypto/EVP_PKEY_TLS1_PRF.pod b/doc/crypto/EVP_PKEY_TLS1_PRF.pod
index 8e9ff5ac3172e27690e5756dafeb5ec729eee88f..e2a695dff13839d8ce9c53ac974aabb197372106 100644
--- a/doc/crypto/EVP_PKEY_TLS1_PRF.pod
+++ b/doc/crypto/EVP_PKEY_TLS1_PRF.pod
@@ -33,6 +33,14 @@ and any seed is reset.
 EVP_PKEY_CTX_add1_tls1_prf_seed() sets the seed to B<seedlen> bytes of B<seed>.
 If a seed is already set it is appended to the existing value.
 
+=head1 STRING CTRLS
+
+The TLS PRF also supports string based control operations using
+EVP_PKEY_CTX_ctrl_str(). The B<type> parameters "secret" and "seed" use
+the supplied B<value> parameter as a secret or seed value. The names
+"hexsecret" and "hexseed" are similar except they take a hex string which
+is converted to binary.
+
 =head1 NOTES
 
 All these functions are implemented as macros.
@@ -82,6 +90,7 @@ and seed value "seed":
 =head1 SEE ALSO
 
 L<EVP_PKEY_CTX_new(3)>,
-L<EVP_PKEY_derive(3)>,
+L<EVP_PKEY_CTX_ctrl(3)>,
+L<EVP_PKEY_derive(3)>
 
 =cut