diff --git a/examples/client/client.c b/examples/client/client.c
index ef3472448..84aab662e 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -354,7 +354,7 @@ void client_test(void* args)
 #endif
 #endif
 showPeer(ssl);
-
+
 if (sendGET) {
 printf("SSL connect ok, sending GET...\n");
 msgSz = 28;
@@ -409,8 +409,20 @@ void client_test(void* args)
 CyaSSL_set_fd(sslResume, sockfd);
 CyaSSL_set_session(sslResume, session);
- showPeer(sslResume);
- if (CyaSSL_connect(sslResume) != SSL_SUCCESS) err_sys("SSL resume failed");
+ showPeer(sslResume);
+#ifdef NON_BLOCKING
+ tcp_set_nonblocking(&sockfd);
+ NonBlockingSSL_Connect(sslResume);
+#else
+ #ifndef CYASSL_CALLBACKS
+ if (CyaSSL_connect(sslResume) != SSL_SUCCESS)
+ err_sys("SSL resume failed");
+ #else
+ timeout.tv_sec = 2;
+ timeout.tv_usec = 0;
+ NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */
+ #endif
+#endif
 #ifdef OPENSSL_EXTRA
 if (CyaSSL_session_reused(sslResume))
@@ -422,6 +434,15 @@ void client_test(void* args)
 if (CyaSSL_write(sslResume, resumeMsg, resumeSz) != resumeSz) err_sys("SSL_write failed");
+#ifdef NON_BLOCKING
+ /* need to give server a chance to bounce a message back to client */
+ #ifdef USE_WINDOWS_API
+ Sleep(500);
+ #else
+ sleep(1);
+ #endif
+#endif
+
 input = CyaSSL_read(sslResume, reply, sizeof(reply));
 if (input > 0) {
 reply[input] = 0;
diff --git a/src/ssl.c b/src/ssl.c
index c5fde9818..d25ebc377 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -2254,7 +2254,10 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
 neededState = ssl->options.resuming ? SERVER_FINISHED_COMPLETE : SERVER_HELLODONE_COMPLETE;
 #ifdef CYASSL_DTLS
- if (ssl->options.dtls && !ssl->options.resuming)
+ /* In DTLS, when resuming, we can go straight to FINISHED,
+ * or do a cookie exchange and then skip to FINISHED, assume
+ * we need the cookie exchange first. */
+ if (ssl->options.dtls)
 neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
 #endif
 /* get response */
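Review bot: In the `CYASSL_CALLBACKS` branch of the hunk at `-409,8` in examples/client/client.c, the resume handshake is driven on the wrong object: `NonBlockingSSL_Connect(ssl);` passes `ssl`, while every other line of the hunk operates on `sslResume`. In that build configuration the resumption handshake is never run explicitly on `sslResume`, and if `ssl` has already been released earlier in client_test (not visible in this hunk) the call would touch a freed object. The line should read `NonBlockingSSL_Connect(sslResume); /* will keep retrying on timeout */`. The `timeout` fields assigned just above are not passed to anything inside the hunk, so it is worth confirming they are consumed somewhere. client_test starts and ends outside the hunk.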
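Review bot: The fixed `sleep(1)` / `Sleep(500)` added in the hunk at `-422,6` of examples/client/client.c does not guarantee that the server's reply has arrived before `CyaSSL_read` runs on the non-blocking socket. With a slow peer the read returns no data and the `if (input > 0)` branch is skipped without any diagnostic. A bounded retry that checks `CyaSSL_get_error` for `SSL_ERROR_WANT_READ` is more reliable, as sketched below; `tries` would be a new local `int`. The sketch also passes `sizeof(reply) - 1`, because the context line `reply[input] = 0;` writes one byte past the buffer when the read fills it, assuming `reply` is an array as the `sizeof` suggests.

```c
#ifdef NON_BLOCKING
    /* poll for the echoed reply; give up after a bounded number of tries */
    for (tries = 0; tries < 10; tries++) {
        input = CyaSSL_read(sslResume, reply, sizeof(reply) - 1);
        if (input > 0 ||
            CyaSSL_get_error(sslResume, 0) != SSL_ERROR_WANT_READ)
            break;
        /* … unchanged: Sleep(500) / sleep(1) platform selection … */
    }
#else
    input = CyaSSL_read(sslResume, reply, sizeof(reply) - 1);
#endif
    if (input > 0) {
```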
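Review bot: The new comment in the hunk at `-2254,7` of src/ssl.c says a resuming DTLS server may go straight to FINISHED, but the code now handles only the cookie-exchange path. `neededState` is forced to `SERVER_HELLOVERIFYREQUEST_COMPLETE`, and the hunk at `-2281,7` re-initialises the handshake hashes unconditionally, so a server that skips HelloVerifyRequest on resumption would appear to have its first flight dropped from the transcript. This is inferred, since the receive loop is outside the hunk. If that peer behaviour is deliberately unsupported, the comment should say so, e.g. `/* DTLS always expects a HelloVerifyRequest, including on resumption; peers that skip it are not supported. */`; otherwise gate the hash re-init on a HelloVerifyRequest actually having been received. Requiring the cookie round trip on resumption is otherwise a sound hardening choice, since it keeps the return-routability check in front of session lookup.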
@@ -2281,7 +2284,7 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
 return SSL_SUCCESS;
 #ifdef CYASSL_DTLS
- if (ssl->options.dtls && !ssl->options.resuming) {
+ if (ssl->options.dtls) {
 /* re-init hashes, exclude first hello and verify request */
 InitMd5(&ssl->hashMd5);
 InitSha(&ssl->hashSha);
@@ -2501,7 +2504,7 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
 case ACCEPT_CLIENT_HELLO_DONE :
 #ifdef CYASSL_DTLS
- if (ssl->options.dtls && !ssl->options.resuming)
+ if (ssl->options.dtls)
 if ( (ssl->error = SendHelloVerifyRequest(ssl)) != 0) {
 CYASSL_ERROR(ssl->error);
 return SSL_FATAL_ERROR;
@@ -2512,7 +2515,7 @@ int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
 case HELLO_VERIFY_SENT:
 #ifdef CYASSL_DTLS
- if (ssl->options.dtls && !ssl->options.resuming) {
+ if (ssl->options.dtls) {
 ssl->options.clientState = NULL_STATE; /* get again */
 /* re-init hashes, exclude first hello and verify request */
 InitMd5(&ssl->hashMd5);
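Review bot: In the hunk at `-2501,7` of src/ssl.c the edited condition leaves an unbraced `if` wrapping a second `if` that opens a block, which is easy to misread and becomes a dangling-else hazard if the branch is ever extended. Folding the two together keeps the behaviour and removes the nesting: `if (ssl->options.dtls && (ssl->error = SendHelloVerifyRequest(ssl)) != 0) {`. This hunk and the one at `-2512,7` also make the server issue a HelloVerifyRequest for resumed DTLS sessions. A short comment at `case ACCEPT_CLIENT_HELLO_DONE :` saying that the cookie exchange is now mandatory on resumption too would mirror the client-side comment. The enclosing switch starts and ends outside the hunk.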