diff --git a/CHANGES b/CHANGES
index e7755c1303..812f139f54 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 Changes between 0.9.6b and 0.9.6c [XX xxx XXXX]
+ *) Fix SSL handshake functions and SSL_clear() such that SSL_clear()
+ never resets s->method to s->ctx->method when called from within
+ one of the SSL handshake functions.
+ [Bodo Moeller; problem pointed out by Niko Baric]
+
 *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert
 (sent using the client's version number) if client_version is
 smaller than the protocol version in use. Also change
diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c
index 5050a13ef2..2d0eb4a8ff 100644
--- a/ssl/s23_clnt.c
+++ b/ssl/s23_clnt.c
@@ -113,8 +113,8 @@ int ssl23_connect(SSL *s)
 else if (s->ctx->info_callback != NULL)
 cb=s->ctx->info_callback;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 s->in_handshake++;
+ if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 for (;;)
 {
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 789c9b648f..a403af3671 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -165,8 +165,8 @@ int ssl23_accept(SSL *s)
 else if (s->ctx->info_callback != NULL)
 cb=s->ctx->info_callback;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 s->in_handshake++;
+ if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 for (;;)
 {
diff --git a/ssl/s2_clnt.c b/ssl/s2_clnt.c
index 28d6d65296..7c22f9e56a 100644
--- a/ssl/s2_clnt.c
+++ b/ssl/s2_clnt.c
@@ -118,8 +118,8 @@ int ssl2_connect(SSL *s)
 cb=s->ctx->info_callback;
 /* init things to blank */
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 s->in_handshake++;
+ if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 for (;;)
 {
diff --git a/ssl/s2_srvr.c b/ssl/s2_srvr.c
index 2fa2f310a8..2eecfda1f9 100644
--- a/ssl/s2_srvr.c
+++ b/ssl/s2_srvr.c
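Review bot: In ssl23_connect (ssl/s23_clnt.c) the order of `s->in_handshake++` and the conditional `SSL_clear(s)` is now load-bearing, because SSL_clear() in ssl/ssl_lib.c skips its method revert only while in_handshake is non-zero, yet nothing at the call site says so. I would add a comment above the increment such as `/* must precede SSL_clear(): in_handshake != 0 keeps SSL_clear() from resetting s->method */`, so that a later cleanup does not swap the two lines back. The same applies to the identical hunks in ssl23_accept, ssl2_connect, ssl2_accept, ssl3_connect and ssl3_accept; in ssl2_connect, ssl2_accept and ssl3_accept the existing `/* init things to blank */` comment now sits above the increment rather than above the clear. SSL_clear() is declared `int` and its result is still discarded on these lines; whether it can fail on this path is not visible in the diff. All six function bodies start and end outside their hunks.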
@@ -119,8 +119,8 @@ int ssl2_accept(SSL *s)
 cb=s->ctx->info_callback;
 /* init things to blank */
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 s->in_handshake++;
+ if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 if (s->cert == NULL)
 {
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index f56f12788a..e02f625155 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -119,8 +119,8 @@ int ssl3_connect(SSL *s)
 else if (s->ctx->info_callback != NULL)
 cb=s->ctx->info_callback;
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 s->in_handshake++;
+ if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 for (;;)
 {
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 53da285bd3..21bd968579 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -179,8 +179,8 @@ int ssl3_accept(SSL *s)
 cb=s->ctx->info_callback;
 /* init things to blank */
- if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 s->in_handshake++;
+ if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
 if (s->cert == NULL)
 {
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 362b68984c..afcc18b6bb 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -142,7 +142,7 @@ int SSL_clear(SSL *s)
 #if 1
 /* Check to see if we were changed into a different method, if
 * so, revert back if we are not doing session-id reuse. */
- if ((s->session == NULL) && (s->method != s->ctx->method))
+ if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method))
 {
 s->method->ssl_free(s);
 s->method=s->ctx->method;
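Review bot: In SSL_clear (ssl/ssl_lib.c) the comment above the changed condition still says the method is reverted whenever no session is being reused, but the new `!s->in_handshake` term adds an exception it does not mention. I would extend it along the lines of `/* ... revert back if we are not doing session-id reuse and are not called from inside a handshake function (in_handshake != 0), which relies on s->method staying unchanged. */`. The guard treats the counter as a boolean, so it depends on every exit path of the handshake functions decrementing in_handshake; those paths are outside this diff, and a count left above zero would make a later application-level SSL_clear() skip the revert silently and keep a reused SSL object on the previously negotiated protocol method instead of the context's. It also presumes SSL_clear() does not reset in_handshake itself, which cannot be confirmed here because the body of SSL_clear continues outside the hunk.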