diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 616df07de8..d32d58e2df 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1361,6 +1361,7 @@ void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
 int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session )
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
 
     if( ssl == NULL ||
         session == NULL ||
@@ -1373,6 +1374,16 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session
     if( ssl->handshake->resume == 1 )
         return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
 
+    ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( session->ciphersuite );
+    if( mbedtls_ssl_validate_ciphersuite( ssl, ciphersuite_info,
+                                          session->tls_version,
+                                          session->tls_version ) != 0 )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 4, ( "%d is not a valid ciphersuite.",
+                                    session->ciphersuite ) );
+        return( MBEDTLS_ERR_SSL_INVALID_MAC );
+    }
+
     if( ( ret = mbedtls_ssl_session_copy( ssl->session_negotiate,
                                           session ) ) != 0 )
         return( ret );