diff --git a/lib/modules/SSL.pmod/Connection.pike b/lib/modules/SSL.pmod/Connection.pike
index 93e48e45eef9050ceb6a71ae8d5c79807abbd46a..e04146c2a3b9e3578b53abe3cd96361b3365392b 100644
--- a/lib/modules/SSL.pmod/Connection.pike
+++ b/lib/modules/SSL.pmod/Connection.pike
@@ -901,6 +901,19 @@ string(8bit)|int got_data(string(8bit) data)
 	     return err;
 	   if (err > 0) {
 	     state &= ~CONNECTION_handshaking;
+             if( expect_change_cipher && sizeof(handshake_buffer) )
+             {
+               send_packet(alert(ALERT_fatal, ALERT_unexpected_message,
+                                 "Extraneous handshake packets.\n"));
+               return -1;
+             }
+             if( !secure_renegotiation && sizeof(handshake_buffer) )
+             {
+               send_packet(alert(ALERT_fatal, ALERT_no_renegotiation,
+                                 "Renegotiation not supported in unsecure "
+                                 "mode.\n"));
+               return -1;
+             }
 	   }
 	 }
 	 break;