diff --git a/hkexnet/consts.go b/hkexnet/consts.go
index 60b64db..d92499d 100644
--- a/hkexnet/consts.go
+++ b/hkexnet/consts.go
@@ -52,6 +52,7 @@ type CSCipherAlg uint32
 
 const (
 	HmacSHA256 = iota
+	HmacSHA512
 	HmacNoneDisallowed
 )
 // Available HMACs for hkex.Conn (TODO: not currently used)
diff --git a/hkexnet/hkexchan.go b/hkexnet/hkexchan.go
index 7f833e9..b475562 100644
--- a/hkexnet/hkexchan.go
+++ b/hkexnet/hkexchan.go
@@ -27,6 +27,7 @@ import (
 	// (Would be nice if the golang pkg docs were more clear
 	// on this...)
 	_ "crypto/sha256"
+	_ "crypto/sha512"
 )
 
 /* Support functionality to set up encryption after a channel has
@@ -92,6 +93,14 @@ func (hc Conn) getStream(keymat *big.Int) (rc cipher.Stream, mc hash.Hash, err e
 			log.Fatal("hash not available!")
 		}
 		break
+	case HmacSHA512:
+		log.Printf("[hash HmacSHA512 (%d)]\n", hopts)
+		halg := crypto.SHA512
+		mc = halg.New()
+		if !halg.Available() {
+			log.Fatal("hash not available!")
+		}
+		break
 	default:
 		log.Printf("[invalid hmac (%d)]\n", hopts)
 		fmt.Printf("DOOFUS SET A VALID HMAC ALG (%d)\n", hopts)
diff --git a/hkexnet/hkexnet.go b/hkexnet/hkexnet.go
index d3761d0..0c94feb 100644
--- a/hkexnet/hkexnet.go
+++ b/hkexnet/hkexnet.go
@@ -176,6 +176,11 @@ func (hc *Conn) applyConnExtensions(extensions ...string) {
 			hc.cipheropts &= (0xFFFF00FF)
 			hc.cipheropts |= (HmacSHA256 << 8)
 			break
+		case "H_SHA512":
+			log.Println("[extension arg = H_SHA512]")
+			hc.cipheropts &= (0xFFFF00FF)
+			hc.cipheropts |= (HmacSHA512 << 8)
+			break
 		default:
 			log.Printf("[Dial ext \"%s\" ignored]\n", s)
 			break