diff --git a/src/internal.c b/src/internal.c
index 9b54a3075..1591acb3f 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -13772,7 +13772,7 @@ int DoSessionTicket(WOLFSSL* ssl,
         encLen = WOLFSSL_TICKET_ENC_SZ;  /* max size user can use */
         ret = ssl->ctx->ticketEncCb(ssl, et->key_name, et->iv, et->mac, 1,
                                     et->enc_ticket, sizeof(InternalTicket),
-                                    &encLen, ssl->ticket_encrypt_ctx);
+                                    &encLen, ssl->ctx->ticketEncCtx);
         if (ret == WOLFSSL_TICKET_RET_OK) {
             if (encLen < (int)sizeof(InternalTicket) ||
                 encLen > WOLFSSL_TICKET_ENC_SZ) {
@@ -13847,7 +13847,7 @@ int DoSessionTicket(WOLFSSL* ssl,
         ret = ssl->ctx->ticketEncCb(ssl, et->key_name, et->iv,
                                     et->enc_ticket + inLen, 0,
                                     et->enc_ticket, inLen, &outLen,
-                                    ssl->ticket_encrypt_ctx);
+                                    ssl->ctx->ticketEncCtx);
         if (ret == WOLFSSL_TICKET_RET_FATAL || ret < 0) return ret;
         if (outLen > inLen || outLen < (int)sizeof(InternalTicket)) {
             WOLFSSL_MSG("Bad user ticket decrypt len");
diff --git a/src/ssl.c b/src/ssl.c
index ccadfca2c..139e343f9 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -896,12 +896,12 @@ int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int hint)
 }
 
 /* set user context, SSL_SUCCESS on ok */
-int wolfSSL_set_TicketEncCtx(WOLFSSL* ssl, void* ctx)
+int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void* userCtx)
 {
-    if (ssl == NULL)
+    if (ctx == NULL)
         return BAD_FUNC_ARG;
 
-    ssl->ticket_encrypt_ctx = ctx;
+    ctx->ticketEncCtx = userCtx;
 
     return SSL_SUCCESS;
 }
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index e111b00e9..65131fc05 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -1564,6 +1564,7 @@ struct WOLFSSL_CTX {
     TLSX* extensions;                  /* RFC 6066 TLS Extensions data */
     #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SEVER)
         SessionTicketEncCb ticketEncCb;   /* enc/dec session ticket Cb */
+        void*              ticketEncCtx;  /* session encrypt context */
         int                ticketHint;    /* ticket hint in seconds */
     #endif
 #endif
@@ -2251,9 +2252,6 @@ struct WOLFSSL {
         void*                 session_ticket_ctx;
         byte                  expect_session_ticket;
     #endif
-    #if !defined(NO_WOLFSSL_SERVER) && defined(HAVE_SESSION_TICKET)
-        void*                 ticket_encrypt_ctx;  /* session encrypt context */
-    #endif
 #endif /* HAVE_TLS_EXTENSIONS */
 #ifdef HAVE_NETX
     NetX_Ctx        nxCtx;             /* NetX IO Context */
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 2c34a8c4a..9c3ac84c9 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1395,7 +1395,7 @@ typedef int (*SessionTicketEncCb)(WOLFSSL*,
 WOLFSSL_API int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx,
                                             SessionTicketEncCb);
 WOLFSSL_API int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int);
-WOLFSSL_API int wolfSSL_set_TicketEncCtx(WOLFSSL* ctx, void*);
+WOLFSSL_API int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void*);
 
 #endif /* NO_WOLFSSL_SERVER */