diff --git a/src/internal.c b/src/internal.c
index 04b574f0e..161076929 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -17303,6 +17303,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
     case CLIENT_CERT_CB_ERROR:
         return "Error importing client cert or key from callback";
 
+    case SSL_SHUTDOWN_ALREADY_DONE_E:
+        return "Shutdown has already occurred";
+
     default :
         return "unknown error number";
     }
diff --git a/src/ssl.c b/src/ssl.c
index 039aac212..0304de587 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -2884,6 +2884,14 @@ int wolfSSL_shutdown(WOLFSSL* ssl)
             }
         }
 
+#ifdef WOLFSSL_SHUTDOWNONCE
+        if (ssl->options.isClosed || ssl->options.connReset) {
+            /* Shutdown has already occurred.
+             * Caller is free to ignore this error. */
+            return SSL_SHUTDOWN_ALREADY_DONE_E;
+        }
+#endif
+
         /* call wolfSSL_shutdown again for bidirectional shutdown */
         if (ssl->options.sentNotify && !ssl->options.closeNotify) {
             ret = wolfSSL_read(ssl, &tmp, 0);
diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h
index d03db5661..c1e14c3e3 100644
--- a/wolfssl/error-ssl.h
+++ b/wolfssl/error-ssl.h
@@ -165,6 +165,8 @@ enum wolfSSL_ErrorCodes {
     TCA_ABSENT_ERROR             = -434,   /* TLSX TCA ID no response */
     TSIP_MAC_DIGSZ_E             = -435,   /* Invalid MAC size for TSIP */
     CLIENT_CERT_CB_ERROR         = -436,   /* Client cert callback error */
+    SSL_SHUTDOWN_ALREADY_DONE_E  = -437,   /* Shutdown called redundantly */
+
     /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */
 
     /* begin negotiation parameter errors */