diff --git a/CHANGES b/CHANGES
index 20f60e3c00..3909697e95 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,11 +6,13 @@
 
   *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C
      should end in 'break', not 'goto end' which circuments various
-     cleanups.
+     cleanups done in state SSL_ST_OK.   But session related stuff
+     must be disabled for SSL_ST_OK in the case that we just sent a
+     HelloRequest.
 
      Also avoid some overhead by not calling ssl_init_wbio_buffer()
      before just sending a HelloRequest.
-     [Bodo Moeller]
+     [Bodo Moeller, Eric Rescorla <ekr@rtfm.com>]
 
   *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
      reveal whether illegal block cipher padding was found or a MAC
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 6da6a6eac9..7c80ddcf07 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -167,6 +167,7 @@ int ssl3_accept(SSL *s)
 	long num1;
 	int ret= -1;
 	int new_state,state,skip=0;
+	int got_new_session=0;
 
 	RAND_add(&Time,sizeof(Time),0);
 	ERR_clear_error();
@@ -279,6 +280,7 @@ int ssl3_accept(SSL *s)
 			s->shutdown=0;
 			ret=ssl3_get_client_hello(s);
 			if (ret <= 0) goto end;
+			got_new_session=1;
 			s->state=SSL3_ST_SW_SRVR_HELLO_A;
 			s->init_num=0;
 			break;
@@ -509,18 +511,23 @@ int ssl3_accept(SSL *s)
 			/* remove buffering on output */
 			ssl_free_wbio_buffer(s);
 
-			s->new_session=0;
 			s->init_num=0;
 
-			ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
-
-			s->ctx->stats.sess_accept_good++;
-			/* s->server=1; */
-			s->handshake_func=ssl3_accept;
-			ret=1;
-
-			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
+			if (got_new_session) /* skipped if we just sent a HelloRequest */
+				{
+				/* actually not necessarily a 'new' session  */
+				
+				s->new_session=0;
+				
+				ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
+				
+				s->ctx->stats.sess_accept_good++;
+				/* s->server=1; */
+				s->handshake_func=ssl3_accept;
 
+				if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
+				}
+			
 			goto end;
 			/* break; */
 
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 81b06341a4..5338517725 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -583,7 +583,9 @@ struct ssl_st
 
 	int server;	/* are we the server side? - mostly used by SSL_clear*/
 
-	int new_session;/* 1 if we are to use a new session */
+	int new_session;/* 1 if we are to use a new session.
+	                 * NB: For servers, the 'new' session may actually be a previously
+	                 * cached session or even the previous session */
 	int quiet_shutdown;/* don't send shutdown packets */
 	int shutdown;	/* we have shut things down, 0x01 sent, 0x02
 			 * for received */