diff --git a/cyassl/internal.h b/cyassl/internal.h
index 952660f05..f584a7bca 100644
--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@@ -986,6 +986,7 @@ typedef struct Options {
 byte downgrade; /* allow downgrade of versions */
 byte sendVerify; /* false = 0, true = 1, sendBlank = 2 */
 byte resuming;
+ byte haveSessionId; /* server may not send */
 byte tls; /* using TLS ? */
 byte tls1_1; /* using TLSv1.1+ ? */
 byte dtls; /* using datagrams ? */
diff --git a/src/internal.c b/src/internal.c
index 1b0624cec..2a8ad6b93 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -858,6 +858,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
 ssl->options.sendVerify = ctx->sendVerify;
 ssl->options.resuming = 0;
+ ssl->options.haveSessionId = 0;
 ssl->hmac = Hmac; /* default to SSLv3 */
 ssl->heap = ctx->heap; /* defaults to self */
 ssl->options.tls = 0;
@@ -4169,7 +4170,6 @@ int SetCipherList(Suites* s, const char* list)
 byte compression;
 ProtocolVersion pv;
 word32 i = *inOutIdx;
- int serverResumption = 0;
 #ifdef CYASSL_CALLBACKS
 if (ssl->hsInfoOn) AddPacketName("ServerHello", &ssl->handShakeInfo);
@@ -4211,7 +4211,7 @@ int SetCipherList(Suites* s, const char* list)
 if (b) {
 XMEMCPY(ssl->arrays.sessionID, input + i, b);
 i += b;
- serverResumption = 1;
+ ssl->options.haveSessionId = 1;
 }
 ssl->options.cipherSuite0 = input[i++];
 ssl->options.cipherSuite = input[i++];
@@ -4227,7 +4227,7 @@ int SetCipherList(Suites* s, const char* list)
 *inOutIdx = i;
 if (ssl->options.resuming) {
- if (serverResumption && XMEMCMP(ssl->arrays.sessionID,
+ if (ssl->options.haveSessionId && XMEMCMP(ssl->arrays.sessionID,
 ssl->session.sessionID, ID_LEN) == 0) {
 if (SetCipherSpecs(ssl) == 0) {
 int ret;
@@ -5571,6 +5571,7 @@ int SetCipherList(Suites* s, const char* list)
 ssl->options.clientState = CLIENT_HELLO_COMPLETE;
 *inOutIdx = idx;
+ ssl->options.haveSessionId = 1; /* DoClientHello uses same resume code */
 while (ssl->options.resuming) { /* let's try */
 int ret;
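Review bot: The new `haveSessionId` field's comment `/* server may not send */` says when the flag can be unset but not what it means or who sets it, which now matters because src/ssl.c refuses to look up or cache a session while it is 0. From the other hunks in this diff it is set on the client only when the ServerHello carried a non-empty session id, set unconditionally on the server right before the resume loop in both ClientHello paths, and cleared only in InitSSL. A comment such as `/* arrays.sessionID holds a valid id; client: only if the server sent one, server: always once the ClientHello is parsed */` would let a reader of GetSession/AddSession understand the guard without tracing the flag. The struct Options definition starts before and continues after this hunk.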
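Review bot: `ssl->options.haveSessionId = 1` in the `if (b)` hunk is set after copying `b` bytes into `ssl->arrays.sessionID`, but nothing visible in the hunk bounds `b` to ID_LEN or to the remaining input before the XMEMCPY, and the resume check in the following hunk compares a full ID_LEN bytes regardless of how many were copied. If the read of `b` above the hunk does not validate it (not visible here), an over-long id overruns `arrays.sessionID`, and a shorter one leaves stale trailing bytes that take part in the XMEMCMP and in the session-cache key used by AddSession. Rejecting the length before the copy, `if (b > ID_LEN) return BUFFER_ERROR;`, and either zero-filling `arrays.sessionID` first or recording the received length for the compare, would make the flag mean "a valid id is present" rather than "some bytes were copied". The enclosing ServerHello handler starts before and continues after this hunk (the hunk header's SetCipherList label is git's context guess, not the function).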
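Review bot: `ssl->options.haveSessionId = 1` is set unconditionally before `while (ssl->options.resuming)` in the `@@ -5571` hunk and again in the `@@ -5726` hunk that follows, so on the server the flag no longer records whether the ClientHello carried a session id at all; it exists only so the shared resume loop and AddSession get past the new guards in src/ssl.c. That is sound only if the server always populates `arrays.sessionID` with its own id before AddSession runs, which this diff does not show, and the inline comment `/* DoClientHello uses same resume code */` does not say it. Suggest replacing both comments with `/* server side: arrays.sessionID is always populated before AddSession, so the cache guards must pass */`, adjusted if the server-generated id is produced somewhere else. Both enclosing functions start before and continue after their hunks.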
@@ -5726,6 +5727,7 @@ int SetCipherList(Suites* s, const char* list)
 if ( (i - begin) < helloSz) *inOutIdx = begin + helloSz; /* skip extensions */
+ ssl->options.haveSessionId = 1; /* ProcessOld uses same resume code */
 while (ssl->options.resuming) { /* let's try */
 int ret;
diff --git a/src/ssl.c b/src/ssl.c
index 5ecf8dcb6..c37bebfea 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -2572,7 +2572,10 @@ CYASSL_SESSION* GetSession(CYASSL* ssl, byte* masterSecret)
 int idx;
 if (ssl->options.sessionCacheOff)
- return 0;
+ return NULL;
+
+ if (ssl->options.haveSessionId == 0)
+ return NULL;
 row = HashSession(id) % SESSION_ROWS;
@@ -2635,6 +2638,9 @@ int AddSession(CYASSL* ssl)
 if (ssl->options.sessionCacheOff)
 return 0;
+ if (ssl->options.haveSessionId == 0)
+ return 0;
+
 row = HashSession(ssl->arrays.sessionID) % SESSION_ROWS;
 if (LockMutex(&session_mutex) != 0)
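Review bot: The new `haveSessionId == 0` guard in GetSession (and the matching one in AddSession below) treats the flag as a per-handshake fact, but within this diff it is cleared only in InitSSL and afterwards only ever set to 1. If a CYASSL object can run a second handshake (renegotiation or reuse), a client that received a session id once and an empty one later would still pass both guards, and AddSession would cache the stale bytes left in `arrays.sessionID` against the new connection's state; clearing the flag wherever the handshake state is reset, next to `ssl->options.resuming`, would close that, assuming such a path exists (not visible here). The AddSession guard also returns 0 exactly like the `sessionCacheOff` case, so a caller cannot tell "no id to cache" from "cache disabled"; if that ever matters, a short comment at the new `return 0;` saying it is deliberate would help. GetSession's and AddSession's bodies continue outside their hunks.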