diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index 22895e1c2..29c1c21a9 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -90,7 +90,7 @@
  * ECP       4   10 (Started from top)
  * MD        5   5
  * CIPHER    6   8
- * SSL       6   17 (Started from top)
+ * SSL       6   22 (Started from top)
  * SSL       7   31
  *
  * Module dependent error code (5 bits 0x.00.-0x.F8.)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 250031a6d..def20dbec 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -120,6 +120,7 @@
 #define MBEDTLS_ERR_SSL_NON_FATAL                         -0x6680  /**< The alert message received indicates a non-fatal error. */
 #define MBEDTLS_ERR_SSL_INVALID_VERIFY_HASH               -0x6600  /**< Couldn't set the hash for verifying CertificateVerify */
 #define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING               -0x6580  /**< Internal-only message signaling that further message-processing should be done */
+#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS                -0x6500  /**< A cryptographic operation is in progress. Try again later. */
 
 /*
  * Various constants
diff --git a/library/error.c b/library/error.c
index a2de27563..4dc13a426 100644
--- a/library/error.c
+++ b/library/error.c
@@ -499,6 +499,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
             mbedtls_snprintf( buf, buflen, "SSL - Couldn't set the hash for verifying CertificateVerify" );
         if( use_ret == -(MBEDTLS_ERR_SSL_CONTINUE_PROCESSING) )
             mbedtls_snprintf( buf, buflen, "SSL - Internal-only message signaling that further message-processing should be done" );
+        if( use_ret == -(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) )
+            mbedtls_snprintf( buf, buflen, "SSL - A cryptographic operation is in progress. Try again later" );
 #endif /* MBEDTLS_SSL_TLS_C */
 
 #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 7a6ffe044..1937ec519 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2055,6 +2055,10 @@ static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl,
                                   (const unsigned char **) p, end ) ) != 0 )
     {
         MBEDTLS_SSL_DEBUG_RET( 1, ( "mbedtls_ecdh_read_params" ), ret );
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+            if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+                ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
+#endif
         return( ret );
     }
 
@@ -2619,6 +2623,10 @@ start_processing:
                 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
                                                 MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
             MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+            if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+                ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
+#endif
             return( ret );
         }
     }
@@ -2933,6 +2941,10 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl )
         if( ret != 0 )
         {
             MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_make_public", ret );
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+            if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+                ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
+#endif
             return( ret );
         }
 
@@ -2956,6 +2968,10 @@ ecdh_calc_secret:
                                        ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
         {
             MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+            if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+                ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
+#endif
             return( ret );
         }
 
@@ -3313,6 +3329,10 @@ sign:
                          ssl->conf->f_rng, ssl->conf->p_rng, rs_ctx ) ) != 0 )
     {
         MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret );
+#if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
+        if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+            ret = MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS;
+#endif
         return( ret );
     }
 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 8364eb868..2ebf12877 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -4683,7 +4683,7 @@ crt_verify:
 
 #if defined(MBEDTLS_SSL__ECP_RESTARTABLE)
         if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
-            return( ret );
+            return( MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS );
 #endif
 
         /*
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index b11bedd46..0e3e1ed07 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1516,7 +1516,7 @@ int main( int argc, char *argv[] )
     {
         if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
             ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
-            ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
+            ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
         {
             mbedtls_printf( " failed\n  ! mbedtls_ssl_handshake returned -0x%x\n",
                             -ret );
@@ -1533,7 +1533,7 @@ int main( int argc, char *argv[] )
         }
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-            if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+            if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
                 continue;
 #endif
 
@@ -1630,7 +1630,7 @@ int main( int argc, char *argv[] )
         {
             if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
                 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
-                ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
+                ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
             {
                 mbedtls_printf( " failed\n  ! mbedtls_ssl_renegotiate returned %d\n\n",
                                 ret );
@@ -1695,7 +1695,7 @@ send_request:
             {
                 if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
                     ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
-                    ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
+                    ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
                 {
                     mbedtls_printf( " failed\n  ! mbedtls_ssl_write returned -0x%x\n\n",
                                     -ret );
@@ -1721,7 +1721,7 @@ send_request:
             ret = mbedtls_ssl_write( &ssl, buf, len );
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-            if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+            if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
                 continue;
 #endif
 
@@ -1779,7 +1779,7 @@ send_request:
             ret = mbedtls_ssl_read( &ssl, buf, len );
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-            if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+            if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
                 continue;
 #endif
 
@@ -1844,7 +1844,7 @@ send_request:
             ret = mbedtls_ssl_read( &ssl, buf, len );
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-            if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
+            if( ret == MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
                 continue;
 #endif
 
@@ -1911,7 +1911,7 @@ send_request:
         {
             if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
                 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
-                ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
+                ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
             {
                 mbedtls_printf( " failed\n  ! mbedtls_ssl_handshake returned -0x%x\n\n",
                                 -ret );
@@ -2010,7 +2010,7 @@ reconnect:
         {
             if( ret != MBEDTLS_ERR_SSL_WANT_READ &&
                 ret != MBEDTLS_ERR_SSL_WANT_WRITE &&
-                ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
+                ret != MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS )
             {
                 mbedtls_printf( " failed\n  ! mbedtls_ssl_handshake returned -0x%x\n\n",
                                 -ret );