diff --git a/lib/internal/crypto/diffiehellman.js b/lib/internal/crypto/diffiehellman.js
index 85f2be16007c74..036f661fad6be2 100644
--- a/lib/internal/crypto/diffiehellman.js
+++ b/lib/internal/crypto/diffiehellman.js
@@ -3,7 +3,7 @@
 const {
   ArrayBufferPrototypeSlice,
   FunctionPrototypeCall,
-  MathFloor,
+  MathCeil,
   ObjectDefineProperty,
   Promise,
   SafeSet,
@@ -386,9 +386,9 @@ async function asyncDeriveBitsECDH(algorithm, baseKey, length) {
   if (length === null)
     return bits;
 
-  // If the length is not a multiple of 8, it will be truncated
-  // down to the nearest multiple of 8.
-  length = MathFloor(length / 8);
+  // If the length is not a multiple of 8 the nearest ceiled
+  // multiple of 8 is sliced.
+  length = MathCeil(length / 8);
   const { byteLength } = bits;
 
   // If the length is larger than the derived secret, throw.
diff --git a/test/parallel/test-webcrypto-derivebits-cfrg.js b/test/parallel/test-webcrypto-derivebits-cfrg.js
index ff3e4ef7de5470..2233d1a2d274c7 100644
--- a/test/parallel/test-webcrypto-derivebits-cfrg.js
+++ b/test/parallel/test-webcrypto-derivebits-cfrg.js
@@ -133,7 +133,7 @@ async function prepareKeys() {
 
         assert.strictEqual(
           Buffer.from(bits).toString('hex'),
-          result.slice(0, -4));
+          result.slice(0, -2));
       }
     }));
 
diff --git a/test/parallel/test-webcrypto-derivebits-ecdh.js b/test/parallel/test-webcrypto-derivebits-ecdh.js
index de19ac1cd4e415..826b591d37ca65 100644
--- a/test/parallel/test-webcrypto-derivebits-ecdh.js
+++ b/test/parallel/test-webcrypto-derivebits-ecdh.js
@@ -154,7 +154,7 @@ async function prepareKeys() {
 
         assert.strictEqual(
           Buffer.from(bits).toString('hex'),
-          result.slice(0, -4));
+          result.slice(0, -2));
       }
     }));