diff --git a/examples/client/client.c b/examples/client/client.c
index a6fe49f05..3d2fbac33 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -4034,17 +4034,22 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 }
 #endif
- if (dtlsUDP == 0) { /* don't send alert after "break" command */
- ret = wolfSSL_shutdown(ssl);
- if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
- if (tcp_select(sockfd, DEFAULT_TIMEOUT_SEC) == TEST_RECV_READY) {
- ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */
- if (ret == WOLFSSL_SUCCESS)
- printf("Bidirectional shutdown complete\n");
+ ret = wolfSSL_shutdown(ssl);
+ if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
+ while (tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC) ==
+ TEST_RECV_READY) {
+ ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */
+ if (ret == WOLFSSL_SUCCESS) {
+ printf("Bidirectional shutdown complete\n");
+ break;
 }
- if (ret != WOLFSSL_SUCCESS)
+ else if (ret != WOLFSSL_SHUTDOWN_NOT_DONE) {
 printf("Bidirectional shutdown failed\n");
+ break;
+ }
 }
+ if (ret != WOLFSSL_SUCCESS)
+ printf("Bidirectional shutdown failed\n");
 }
 #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY)
 if (atomicUser)
diff --git a/examples/server/server.c b/examples/server/server.c
index 336e5a790..a4335f10b 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
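Review bot: On the error exit of the new while loop the client prints "Bidirectional shutdown failed" twice: the `else if (ret != WOLFSSL_SHUTDOWN_NOT_DONE)` branch prints it and breaks with `ret` still not WOLFSSL_SUCCESS, so the `if (ret != WOLFSSL_SUCCESS)` after the loop prints it again; the identical loop in the server.c hunk at @@ -3303 has the same duplication. Dropping the printf from the `else if` branch and keeping only the `break` leaves the single report after the loop, which also covers the tcp_select timeout exit. On that timeout exit `ret` is still WOLFSSL_SHUTDOWN_NOT_DONE, so the final message could say which case occurred, e.g. `printf("Bidirectional shutdown failed (%s)\n", ret == WOLFSSL_SHUTDOWN_NOT_DONE ? "timed out waiting for close_notify" : "error");`. The loop also has no iteration cap: each wait is bounded by DEFAULT_TIMEOUT_SEC, but if the peer keeps the socket readable without ever sending close_notify, which presumably keeps wolfSSL_shutdown returning WOLFSSL_SHUTDOWN_NOT_DONE, the client stays in the loop, so a bounded retry count would make the test more robust. client_test continues before and after this hunk.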
@@ -2908,16 +2908,44 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 if (doDTLS && dtlsUDP) {
 byte b[1500];
 int n;
+ int isClientHello = 0;
- client_len = sizeof client_addr;
+ while (!isClientHello) {
+ client_len = sizeof client_addr;
- /* For DTLS, peek at the next datagram so we can get the client's
- * address and set it into the ssl object later to generate the
- * cookie. */
- n = (int)recvfrom(clientfd, (char*)b, sizeof(b), MSG_PEEK,
- (struct sockaddr*)&client_addr, &client_len);
- if (n <= 0)
- err_sys_ex(runWithErrors, "recvfrom failed");
+ /* For DTLS, peek at the next datagram so we can get the
+ * client's address and set it into the ssl object later to
+ * generate the cookie. */
+ n = (int)recvfrom(clientfd, (char*)b, sizeof(b), MSG_PEEK,
+ (struct sockaddr*)&client_addr, &client_len);
+
+ if (n <= 0)
+ err_sys_ex(runWithErrors, "recvfrom failed");
+
+ /* when doing resumption, it may happen that we receive the
+ alert used to shutdown the first connection as the first
+ packet of the second accept:
+
+ Client | Server
+ | WolfSSL_Shutdown()
+ | <- Alert
+ | recvfrom(peek)
+ WolfSSL_Shutdown() |
+ Alert-> |
+ | wolfSSL_set_dtls_peer()
+
+ but this will set the wrong src port, making the test fail.
+ Discard not-handshake message to avoid this.
+ */
+ if (b[0] != 0x16) {
+ /* discard the packet */
+ n = (int)recvfrom(clientfd, (char *)b, sizeof(b), 0,
+ (struct sockaddr *)&client_addr, &client_len);
+ }
+ else {
+ isClientHello = 1;
+ }
+ }
 if (doBlockSeq) {
 XMEMCPY(&dtlsCtx.peer.sa, &client_addr, client_len);
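Review bot: The peek loop goes on to read `b[0]` even when `n <= 0`, because `err_sys_ex(runWithErrors, "recvfrom failed")` is not followed by a `break` or `continue`; if err_sys_ex returns when runWithErrors is set (it looks like it does, but confirm), the content-type test then inspects an uninitialized byte of `b` and the loop keeps spinning on a persistent error. `if (n <= 0) { err_sys_ex(runWithErrors, "recvfrom failed"); break; }` keeps the pre-change behaviour of falling through to the accept when err_sys_ex returns. The result of the discard `recvfrom` is overwritten by the next peek without being checked, and `0x16` deserves a name or a comment such as `/* 0x16 == DTLS record content type: handshake */`, since the check only establishes that the record is a handshake record, not a ClientHello as the flag name `isClientHello` suggests. The loop is also unbounded: every datagram whose first byte is not a handshake type is silently discarded and re-peeked, so a source that keeps sending non-handshake traffic to the listening port holds the server in this loop instead of letting it accept, and a discard cap that falls back to the existing error path would bound that. server_test continues outside the hunk.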
@@ -3303,9 +3331,20 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 ret = SSL_shutdown(ssl);
 if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) {
- ret = SSL_shutdown(ssl); /* bidirectional shutdown */
- if (ret == WOLFSSL_SUCCESS)
- printf("Bidirectional shutdown complete\n");
+ while (tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC) ==
+ TEST_RECV_READY) {
+ ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */
+ if (ret == WOLFSSL_SUCCESS) {
+ printf("Bidirectional shutdown complete\n");
+ break;
+ }
+ else if (ret != WOLFSSL_SHUTDOWN_NOT_DONE) {
+ printf("Bidirectional shutdown failed\n");
+ break;
+ }
+ }
+ if (ret != WOLFSSL_SUCCESS)
+ printf("Bidirectional shutdown failed\n");
 }
 /* display collected statistics */
diff --git a/tests/test-dtls-resume.conf b/tests/test-dtls-resume.conf
index 9eaba681f..3b8e79dbf 100644
--- a/tests/test-dtls-resume.conf
+++ b/tests/test-dtls-resume.conf
@@ -1061,3 +1061,17 @@
 -a
 -v 2
 -l ADH-AES128-SHA
+
+# server DTLSv1.2 DHE-RSA-CHACHA20-POLY1305 bidirectional shutdown
+-u
+-r
+-v 3
+-l DHE-RSA-CHACHA20-POLY1305
+-w
+
+# client DTLSv1.2 DHE-RSA-CHACHA20-POLY1305 bidirectional shutdown
+-u
+-r
+-v 3
+-l DHE-RSA-CHACHA20-POLY1305
+-w
diff --git a/tests/test-dtls.conf b/tests/test-dtls.conf
index 0d0fad8e5..42f0f63c8 100644
--- a/tests/test-dtls.conf
+++ b/tests/test-dtls.conf
@@ -907,3 +907,11 @@
 -a
 -v 2
 -l ADH-AES128-SHA
+
+# server with bidirectional shutdown
+-l ECDHE-RSA-AES128-SHA256
+-w
+
+# client with bidirectional shutdown
+-l ECDHE-RSA-AES128-SHA256
+-w
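Review bot: The new loop calls `wolfSSL_shutdown(ssl)` while the surrounding code in this hunk, including the context line just above it, uses the compatibility spelling `SSL_shutdown(ssl)`; presumably both name the same function, but mixing the two in one block reads as if two different calls were intended, so `ret = SSL_shutdown(ssl); /* bidirectional shutdown */` (or switching the first call to wolfSSL_shutdown) would keep the block consistent. The loop is otherwise a verbatim copy of the one added to client.c in this commit, and the duplicated "failed" message noted on that hunk applies here as well; a small shared helper in the examples' common header next to tcp_select, say `static int bidirectional_shutdown(WOLFSSL* ssl, int timeoutSec)`, would keep the two copies from drifting apart. The test-dtls*.conf hunks only add test cases and need no change. server_test continues outside the hunk.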