diff --git a/src/eap-peap.c b/src/eap-peap.c
index 5c917c06..9558ce52 100644
--- a/src/eap-peap.c
+++ b/src/eap-peap.c
@@ -523,7 +523,13 @@ static void eap_peap_tunnel_ready(const char *peer_identity, void *user_data)
 static void eap_peap_tunnel_disconnected(enum l_tls_alert_desc reason,
 						bool remote, void *user_data)
 {
-	l_info("PEAP TLS tunnel has disconnected with alert: %d", reason);
+	l_info("PEAP TLS tunnel has disconnected with alert: %s",
+		l_tls_alert_to_str(reason));
+}
+
+static void eap_peap_debug_cb(const char *str, void *user_data)
+{
+	l_info("PEAP TLS %s", str);
 }
 
 static bool eap_peap_tunnel_init(struct eap_state *eap)
@@ -544,6 +550,9 @@ static bool eap_peap_tunnel_init(struct eap_state *eap)
 		return false;
 	}
 
+	if (getenv("IWD_TLS_DEBUG"))
+		l_tls_set_debug(peap->tunnel, eap_peap_debug_cb, NULL, NULL);
+
 	if (!l_tls_set_auth_data(peap->tunnel, peap->client_cert,
 					peap->client_key, NULL)) {
 		l_error("PEAP: Failed to set authentication data.");
diff --git a/src/eap-tls.c b/src/eap-tls.c
index ed0258e2..a816645d 100644
--- a/src/eap-tls.c
+++ b/src/eap-tls.c
@@ -161,6 +161,11 @@ static void eap_tls_disconnect_cb(enum l_tls_alert_desc reason,
 	tls->completed = true;
 }
 
+static void eap_tls_debug_cb(const char *str, void *user_data)
+{
+	l_info("EAP-TLS %s", str);
+}
+
 static void eap_tls_handle_request(struct eap_state *eap,
 					const uint8_t *pkt, size_t len)
 {
@@ -300,6 +305,9 @@ static void eap_tls_handle_request(struct eap_state *eap,
 			goto err;
 		}
 
+		if (getenv("IWD_TLS_DEBUG"))
+			l_tls_set_debug(tls->tls, eap_tls_debug_cb, NULL, NULL);
+
 		l_tls_set_auth_data(tls->tls, tls->client_cert, tls->client_key,
 					tls->passphrase);
 
diff --git a/src/eap-ttls.c b/src/eap-ttls.c
index 2c1a9256..3445434b 100644
--- a/src/eap-ttls.c
+++ b/src/eap-ttls.c
@@ -818,6 +818,11 @@ static void eap_ttls_disconnect_cb(enum l_tls_alert_desc reason,
 	ttls->completed = true;
 }
 
+static void eap_ttls_debug_cb(const char *str, void *user_data)
+{
+	l_info("EAP-TTLS %s", str);
+}
+
 static void eap_ttls_handle_payload(struct eap_state *eap,
 						const uint8_t *pkt,
 						size_t pkt_len)
@@ -1004,6 +1009,9 @@ add_to_pkt_buf:
 			goto err;
 		}
 
+		if (getenv("IWD_TLS_DEBUG"))
+			l_tls_set_debug(ttls->tls, eap_ttls_debug_cb, NULL, NULL);
+
 		l_tls_set_auth_data(ttls->tls, ttls->client_cert,
 					ttls->client_key, ttls->passphrase);