diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index 591692761e..c219d672e9 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -107,8 +107,8 @@
  * SSL       5   2 (Started from 0x5F00)
  * CIPHER    6   8 (Started from 0x6080)
  * SSL       6   24 (Started from top, plus 0x6000)
- * SSL       7   30 (Started from 0x7080, gaps at
- *                   0x7300, 0x7800)
+ * SSL       7   29 (Started from 0x7080, gaps at
+ *                   0x7300, 0x7500, 0x7800)
  *
  * Module dependent error code (5 bits 0x.00.-0x.F8.)
  */
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 2dd6cc4551..107a40ea88 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -71,7 +71,7 @@
 #define MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN                  -0x7380  /**< The server has no ciphersuites in common with the client. */
 #define MBEDTLS_ERR_SSL_NO_RNG                            -0x7400  /**< No RNG was provided to the SSL module. */
 #define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE             -0x7480  /**< No client certification received from the client, but required by the authentication mode. */
-#define MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE             -0x7500  /**< Our own certificate(s) is/are too large to send in an SSL message. */
+/* NOTE: Error space gap */
 #define MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED              -0x7580  /**< The own certificate is not set, but needed by the server. */
 #define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED              -0x7600  /**< The own private key or pre-shared key is not set, but needed. */
 #define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED                 -0x7680  /**< No CA Chain is set, but required to operate. */
diff --git a/library/error.c b/library/error.c
index 1b050df3de..039e7be5b9 100644
--- a/library/error.c
+++ b/library/error.c
@@ -380,8 +380,6 @@ const char * mbedtls_high_level_strerr( int error_code )
             return( "SSL - No RNG was provided to the SSL module" );
         case -(MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE):
             return( "SSL - No client certification received from the client, but required by the authentication mode" );
-        case -(MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE):
-            return( "SSL - Our own certificate(s) is/are too large to send in an SSL message" );
         case -(MBEDTLS_ERR_SSL_CERTIFICATE_REQUIRED):
             return( "SSL - The own certificate is not set, but needed by the server" );
         case -(MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED):
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 75faf22adf..422df9944c 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1964,7 +1964,7 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
             MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %" MBEDTLS_PRINTF_SIZET
                                         " > %" MBEDTLS_PRINTF_SIZET,
                            i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) );
-            return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE );
+            return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
         }
 
         ssl->out_msg[i    ] = (unsigned char)( n >> 16 );