diff --git a/src/l2cap.c b/src/l2cap.c
index 8fbff75dc..2042fdb92 100644
--- a/src/l2cap.c
+++ b/src/l2cap.c
@@ -3835,6 +3835,29 @@ l2cap_ecbm_emit_incoming_connection(l2cap_channel_t *channel, uint8_t num_channe
     (*channel->packet_handler)(HCI_EVENT_PACKET, 0, event, sizeof(event));
 }
 
+static uint8_t l2cap_ecbm_security_status_for_connection_request(hci_con_handle_t handle, gap_security_level_t required_security_level) {
+    // check security in increasing error priority
+    uint8_t security_status = L2CAP_ECBM_CONNECTION_RESULT_ALL_SUCCESS;
+
+    // security: check encryption
+    if (required_security_level >= LEVEL_2) {
+        if (gap_encryption_key_size(handle) < 16) {
+            security_status = L2CAP_ECBM_CONNECTION_RESULT_ALL_REFUSED_ENCYRPTION_KEY_SIZE_TOO_SHORT;
+        }
+        if (gap_encryption_key_size(handle) == 0){
+            security_status = L2CAP_ECBM_CONNECTION_RESULT_ALL_REFUSED_INSUFFICIENT_ENCRYPTION;
+        }
+    }
+
+    // security: check authentication
+    if (required_security_level >= LEVEL_3) {
+        if (!gap_authenticated(handle)) {
+            security_status = L2CAP_ECBM_CONNECTION_RESULT_ALL_REFUSED_INSUFFICIENT_AUTHENTICATION;
+        }
+    }
+    return security_status;
+}
+
 static void l2cap_ecbm_handle_security_level_incoming_sufficient(l2cap_channel_t * channel){
     // count number of l2cap_channels in state L2CAP_STATE_WAIT_INCOMING_SECURITY_LEVEL_UPDATE with same remote_sig_id
     uint8_t sig_id = channel->remote_sig_id;
@@ -3908,29 +3931,9 @@ static int l2cap_ecbm_signaling_handler_dispatch(hci_con_handle_t handle, uint16
                     return 1;
                 }
 
-                // check security in increasing error priority
-                uint8_t security_status = L2CAP_ECBM_CONNECTION_RESULT_ALL_SUCCESS;
-
-                // security: check encryption
-                if (service->required_security_level >= LEVEL_2) {
-                    if (gap_encryption_key_size(handle) < 16) {
-                        security_status = L2CAP_ECBM_CONNECTION_RESULT_ALL_REFUSED_ENCYRPTION_KEY_SIZE_TOO_SHORT;
-                    }
-                    if (gap_encryption_key_size(handle) == 0){
-                        security_status = L2CAP_ECBM_CONNECTION_RESULT_ALL_REFUSED_INSUFFICIENT_ENCRYPTION;
-                    }
-                }
-
-                // security: check authentication
-                if (service->required_security_level >= LEVEL_3) {
-                    if (!gap_authenticated(handle)) {
-                        security_status = L2CAP_ECBM_CONNECTION_RESULT_ALL_REFUSED_INSUFFICIENT_AUTHENTICATION;
-                        return 1;
-                    }
-                }
-
-                // check if authentication is possible
+                // check if authentication is required and possible
                 bool send_pending = false;
+                uint8_t security_status = l2cap_ecbm_security_status_for_connection_request(handle, service->required_security_level);
                 if (security_status != L2CAP_ECBM_CONNECTION_RESULT_ALL_SUCCESS) {
                     if (gap_get_bondable_mode() != 0) {
                         // if possible, send pending and continue
@@ -3938,7 +3941,7 @@ static int l2cap_ecbm_signaling_handler_dispatch(hci_con_handle_t handle, uint16
                     } else {
                         // otherwise, send refused and abort
                         l2cap_register_signaling_response(handle, L2CAP_CREDIT_BASED_CONNECTION_REQUEST, sig_id,
-                                                          num_channels_and_signaling_cid, L2CAP_ECBM_CONNECTION_RESULT_ALL_PENDING_AUTHENTICATION);
+                                                          num_channels_and_signaling_cid, security_status);
                         return 1;
                     }
                 }