diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index aabe8c5f8..2750b4e51 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -933,6 +933,25 @@ int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
         return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
     }
 
+#if defined(MBEDTLS_SSL_CID)
+    /* Copy own and peer's CID if the use of the CID
+     * extension has been negotiated. */
+    if( ssl->handshake->cid_in_use == MBEDTLS_SSL_CID_ENABLED )
+    {
+        MBEDTLS_SSL_DEBUG_MSG( 3, ( "Copy CIDs into SSL transform" ) );
+        transform->in_cid_len = ssl->own_cid_len;
+        transform->out_cid_len = ssl->handshake->peer_cid_len;
+        memcpy( transform->in_cid, ssl->own_cid, ssl->own_cid_len );
+        memcpy( transform->out_cid, ssl->handshake->peer_cid,
+                ssl->handshake->peer_cid_len );
+
+        MBEDTLS_SSL_DEBUG_BUF( 3, "Outgoing CID", transform->out_cid,
+                               transform->out_cid_len );
+        MBEDTLS_SSL_DEBUG_BUF( 3, "Ingoing CID", transform->in_cid,
+                               transform->in_cid_len );
+    }
+#endif /* MBEDTLS_SSL_CID */
+
     /*
      * Set appropriate PRF function and other SSL / TLS / TLS1.2 functions
      */