diff --git a/configure.ac b/configure.ac
index 9f5198f25..7d551e816 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1393,6 +1393,7 @@ then
     AM_CFLAGS="$AM_CFLAGS -DKEEP_OUR_CERT"
     AM_CFLAGS="$AM_CFLAGS -DKEEP_PEER_CERT"
     AM_CFLAGS="$AM_CFLAGS -DHAVE_KEYING_MATERIAL"
+    AM_CFLAGS="$AM_CFLAGS -DNO_SESSION_CACHE_REF"
 fi
 
 if test "$ENABLED_FORTRESS" = "yes"
diff --git a/src/ssl.c b/src/ssl.c
index 1282c36e6..1e0a51c99 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -17989,14 +17989,17 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
         if (ssl->hsHashes)
             (void)InitHandshakeHashes(ssl);
 
-#ifdef SESSION_CERTS
-        ssl->session->chain.count = 0;
-#endif
 #ifdef KEEP_PEER_CERT
         FreeX509(&ssl->peerCert);
         InitX509(&ssl->peerCert, 0, ssl->heap);
 #endif
 
+        wolfSSL_SESSION_free(ssl->session);
+        ssl->session = wolfSSL_NewSession(ssl->heap);
+        if (ssl->session == NULL) {
+            return WOLFSSL_FAILURE;
+        }
+
         return WOLFSSL_SUCCESS;
     }