diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index de517d6a14..ca1116241b 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -76,6 +76,10 @@
 #include "zlib.h"
 #endif
 
+#if defined(POLARSSL_TIMING_C)
+#include "timing.h"
+#endif
+
 #if defined(POLARSSL_HAVE_TIME)
 #include <time.h>
 #endif
@@ -814,6 +818,14 @@ struct _ssl_context
     ssl_transform *transform;           /*!<  negotiated transform params     */
     ssl_transform *transform_negotiate; /*!<  transform params in negotiation */
 
+    /*
+     * Timers (WIP)
+     */
+#if defined(POLARSSL_TIMING_C)
+    struct hr_time time_info;
+    unsigned long time_limit;
+#endif
+
     /*
      * Record layer (incoming data)
      */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 603d1691a3..3f3d4ee570 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -78,6 +78,37 @@ static inline size_t ssl_ep_len( const ssl_context *ssl )
     return( 0 );
 }
 
+
+/*
+ * Timers (WIP)
+ */
+#if defined(POLARSSL_TIMING_C)
+/*
+ * Start a timer.
+ * Passing millisecs = 0 cancels a running timer.
+ * The timer is already running iff time_limit != 0.
+ */
+void ssl_set_timer( ssl_context *ssl, unsigned long millisecs )
+{
+    ssl->time_limit = millisecs;
+    get_timer( &ssl->time_info, 1 );
+}
+
+/*
+ * Return -1 is timer is expired, 0 if it isn't.
+ */
+int ssl_check_timer( ssl_context *ssl )
+{
+    if( ssl->time_limit != 0 &&
+        get_timer( &ssl->time_info, 0 ) > ssl->time_limit )
+    {
+        return( -1 );
+    }
+
+    return( 0 );
+}
+#endif
+
 #if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
 /*
  * Convert max_fragment_length codes to length.