diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index c817def23..052277891 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -479,7 +479,6 @@ int mbedtls_ssl_send_fatal_handshake_failure( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl );
 int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl );
 
-int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl );
 int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl );
 int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_update_handshake_status( mbedtls_ssl_context *ssl );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8e209e78a..b8f271527 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4283,6 +4283,8 @@ static void ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl );
  * RFC 6347 4.1.2.7) and continue reading until a valid record is found.
  *
  */
+static int ssl_read_record_layer( mbedtls_ssl_context *ssl );
+
 int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
                              unsigned update_digest )
 {
@@ -4294,7 +4296,7 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
     {
         do {
 
-            ret = mbedtls_ssl_read_record_layer( ssl );
+            ret = ssl_read_record_layer( ssl );
             if( ret == MBEDTLS_ERR_SSL_CONTINUE_PROCESSING )
                 continue;
 
@@ -4332,7 +4334,7 @@ int mbedtls_ssl_read_record( mbedtls_ssl_context *ssl,
     return( 0 );
 }
 
-int mbedtls_ssl_read_record_layer( mbedtls_ssl_context *ssl )
+static int ssl_read_record_layer( mbedtls_ssl_context *ssl )
 {
     int ret;