diff --git a/src/internal.c b/src/internal.c
index e837c41e3..9b54a3075 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -13772,7 +13772,7 @@ int DoSessionTicket(WOLFSSL* ssl,
 encLen = WOLFSSL_TICKET_ENC_SZ; /* max size user can use */
 ret = ssl->ctx->ticketEncCb(ssl, et->key_name, et->iv, et->mac, 1, et->enc_ticket, sizeof(InternalTicket),
- &encLen);
+ &encLen, ssl->ticket_encrypt_ctx);
 if (ret == WOLFSSL_TICKET_RET_OK) {
 if (encLen < (int)sizeof(InternalTicket) || encLen > WOLFSSL_TICKET_ENC_SZ) {
@@ -13846,7 +13846,8 @@ int DoSessionTicket(WOLFSSL* ssl,
 outLen = inLen; /* may be reduced by user padding */
 ret = ssl->ctx->ticketEncCb(ssl, et->key_name, et->iv, et->enc_ticket + inLen, 0,
- et->enc_ticket, inLen, &outLen);
+ et->enc_ticket, inLen, &outLen,
+ ssl->ticket_encrypt_ctx);
 if (ret == WOLFSSL_TICKET_RET_FATAL || ret < 0) return ret;
 if (outLen > inLen || outLen < (int)sizeof(InternalTicket)) {
 WOLFSSL_MSG("Bad user ticket decrypt len");
diff --git a/src/ssl.c b/src/ssl.c
index 48ee6a54f..ccadfca2c 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -895,6 +895,17 @@ int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int hint)
 return SSL_SUCCESS;
 }
+/* set user context, SSL_SUCCESS on ok */
+int wolfSSL_set_TicketEncCtx(WOLFSSL* ssl, void* ctx)
+{
+ if (ssl == NULL)
+ return BAD_FUNC_ARG;
+
+ ssl->ticket_encrypt_ctx = ctx;
+
+ return SSL_SUCCESS;
+}
+
 #endif /* !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET) */
 /* Session Ticket */
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 7434841dd..e111b00e9 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -2251,6 +2251,9 @@ struct WOLFSSL {
 void* session_ticket_ctx;
 byte expect_session_ticket;
 #endif
+ #if !defined(NO_WOLFSSL_SERVER) && defined(HAVE_SESSION_TICKET)
+ void* ticket_encrypt_ctx; /* session encrypt context */
+ #endif
 #endif /* HAVE_TLS_EXTENSIONS */
 #ifdef HAVE_NETX
 NetX_Ctx nxCtx; /* NetX IO Context */
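Review bot: The callback is looked up on the shared context (`ssl->ctx->ticketEncCb`) but the user pointer added to the encrypt call comes from the per-connection object (`ssl->ticket_encrypt_ctx`), so a server that registers the callback once on the CTX must still call `wolfSSL_set_TicketEncCtx()` on every WOLFSSL it creates, and a forgotten call silently hands the callback whatever the field holds. A CTX-level default copied into the WOLFSSL at creation (`wolfSSL_CTX_set_TicketEncCtx`) would match where the callback itself is registered; failing that, the typedef in ssl.h should state that the pointer may be NULL. Whether the field is zeroed on init is not visible here. DoSessionTicket begins and ends outside the hunk.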
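Review bot: The decrypt call now forwards `ssl->ticket_encrypt_ctx` while operating on a ticket supplied by the peer, so an unset context reaches the user callback on unauthenticated input; if the field is NULL on a WOLFSSL where `wolfSSL_set_TicketEncCtx()` was never called (assuming the struct is zero-initialised, which this hunk does not show), a callback that dereferences it without checking crashes the server on a client-chosen ticket. The `ret < 0` check on the next line cannot catch that. I'd add a note at the call site, `/* userCtx may be NULL: callbacks must check before use */`, and spell out the same rule in the callback's documentation. The enclosing function continues outside the hunk.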
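Review bot: `wolfSSL_set_TicketEncCtx` writes `ssl->ticket_encrypt_ctx`, a field internal.h declares only under `!defined(NO_WOLFSSL_SERVER) && defined(HAVE_SESSION_TICKET)`, yet the `#endif` that closes this block is labelled `/* !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET) */`. The opening `#if` is outside the hunk; if that label is accurate, a client-only build compiles the new function against a missing field, and if the label is stale it should be corrected to the server condition so the next reader is not misled. The function also stores a raw pointer it never frees, which the one-line header should say, e.g. `/* store caller-owned ctx passed to ticketEncCb; never freed by wolfSSL. SSL_SUCCESS on ok, BAD_FUNC_ARG if ssl is NULL */`.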
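Review bot: The comment `/* session encrypt context */` on `ticket_encrypt_ctx` says neither what the pointer is nor who owns it; since nothing in this change frees it, I'd write `/* caller-owned user ctx handed to ctx->ticketEncCb; set by wolfSSL_set_TicketEncCtx(), never freed here */`. The field also needs an explicit initialisation unless the whole struct is memset at creation, and that code is outside the hunk, so it is worth confirming rather than assuming. The struct WOLFSSL definition begins and ends outside the hunk.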
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 11a7697b0..2c34a8c4a 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1391,10 +1391,11 @@ typedef int (*SessionTicketEncCb)(WOLFSSL*,
 unsigned char key_name[WOLFSSL_TICKET_NAME_SZ],
 unsigned char iv[WOLFSSL_TICKET_IV_SZ],
 unsigned char mac[WOLFSSL_TICKET_MAC_SZ],
- int enc, unsigned char*, int, int*);
+ int enc, unsigned char*, int, int*, void*);
 WOLFSSL_API int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx, SessionTicketEncCb);
 WOLFSSL_API int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int);
+WOLFSSL_API int wolfSSL_set_TicketEncCtx(WOLFSSL* ctx, void*);
 #endif /* NO_WOLFSSL_SERVER */
diff --git a/wolfssl/test.h b/wolfssl/test.h
index 1b1e444ba..112c3301e 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -1878,9 +1878,11 @@ static INLINE const char* mymktemp(char *tempfn, int len, int num)
 byte key_name[WOLFSSL_TICKET_NAME_SZ],
 byte iv[WOLFSSL_TICKET_IV_SZ],
 byte mac[WOLFSSL_TICKET_MAC_SZ],
- int enc, byte* ticket, int inLen, int* outLen)
+ int enc, byte* ticket, int inLen, int* outLen,
+ void* userCtx)
 {
 (void)ssl;
+ (void)userCtx;
 int ret;
 word16 sLen = htons(inLen);
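Review bot: The trailing `void*` added to `SessionTicketEncCb` and the new `wolfSSL_set_TicketEncCtx` prototype are both undocumented, and the prototype names the WOLFSSL argument `ctx` right beside the `void*` that actually is the context. I'd change the line to `WOLFSSL_API int wolfSSL_set_TicketEncCtx(WOLFSSL* ssl, void* userCtx);` and add above the typedef a comment saying the last argument is the pointer registered with wolfSSL_set_TicketEncCtx() on the WOLFSSL being serviced and may be NULL when none was set (the zeroing that would guarantee NULL is not shown here). Changing the typedef is a source-incompatible break for every existing callback and deserves a release-note entry. The typedef begins outside the hunk.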
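Review bot: The sample callback discards the new argument with `(void)userCtx;`, so the example no longer shows what the parameter is for or that it can be NULL. A sample that takes its key material from `userCtx` when it is non-NULL, and otherwise falls back to whatever it uses today, would document the intended use and the NULL case in one place; where its keys currently come from is outside the hunk, so I can't judge how large that change is. The callback's signature line is also before the hunk.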