diff --git a/CHANGELOG.md b/CHANGELOG.md
index 39e56f977..eb0be7d27 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -79,6 +79,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - HID: Move `src/classic/hid.h` into `src` and prefix with `btstack_` to use it with BLE and avoid name clashes
 - SM: start pairing as Central for already encrypted connection on Slave Security Request
 - GAP: provide Device ID from EIR in GAP_EVENT_INQUIRY_RESULT
+- GAP: only store link key if it allows requested security level
 ## Release v1.3.2
diff --git a/src/hci.c b/src/hci.c
index 1ba7bf6c7..22061bd3f 100644
--- a/src/hci.c
+++ b/src/hci.c
@@ -2623,6 +2623,8 @@ static void event_handler(uint8_t *packet, uint16_t size){
 // only store link key:
 // - if bondable enabled
 if (hci_stack->bondable == false) break;
+ // - if security level sufficient
+ if (gap_security_level_for_link_key_type(link_key_type) < conn->requested_security_level) break;
 // - for SSP, also check if remote side requested bonding as well
 if (conn->link_key_type != COMBINATION_KEY){
 uint8_t auth_req_ignoring_mitm = conn->io_cap_response_auth_req & 0xfe;
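Review bot: The added security-level check in `src/hci.c` reads the local `link_key_type`, while the SSP check two lines below it reads `conn->link_key_type`. If the two can differ (for instance when a notification reports a changed combination key and the connection keeps its earlier type, which the hunk does not show), the level is computed for a different key type than the one the later checks consider. Consider `if (gap_security_level_for_link_key_type(conn->link_key_type) < conn->requested_security_level) break;`, or a comment stating why the raw event value is the right input. The rejection is also silent: a log line before the `break` would make a key that falls short of the requested level, possibly a downgrade, visible in traces. `event_handler` starts and ends outside the hunk, so where both variables are assigned should be confirmed there.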