diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 80917956e..00ae9fcc3 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3212,6 +3212,7 @@ static int ssl_reassemble_dtls_handshake( mbedtls_ssl_context *ssl )
 
     memcpy( ssl->in_msg, ssl->handshake->hs_msg, ssl->in_hslen );
 
+    mbedtls_zeroize( ssl->handshake->hs_msg, ssl->in_hslen );
     mbedtls_free( ssl->handshake->hs_msg );
     ssl->handshake->hs_msg = NULL;