diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 7c1a60c3e..d70ef4c37 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1554,39 +1554,7 @@ reset:
 #endif
 if( client_fd != -1 )
- {
-#if defined(POLARSSL_SSL_PROTO_DTLS)
- if( opt.transport == SSL_TRANSPORT_DATAGRAM )
- {
- /* Keep the connection open if waiting for client to continue */
- if( ret != POLARSSL_ERR_SSL_HELLO_VERIFY_REQUIRED )
- {
- net_close( client_fd );
-
- /*
- * With UDP, client_fd == bind_fd, so we just closed bind_fd.
- * Bind it again. (We really want to close it, to empty the
- * message queue.)
- */
- printf( " . Bind on udp://%s:%-4d/ ...",
- opt.server_addr ? opt.server_addr : "*",
- opt.server_port );
- fflush( stdout );
-
- if( ( ret = net_bind( &listen_fd, opt.server_addr,
- opt.server_port, NET_PROTO_UDP ) ) != 0 )
- {
- printf( " failed\n ! net_bind returned -0x%x\n\n", -ret );
- goto exit;
- }
-
- printf( " ok\n" );
- }
- }
- else
-#endif /* POLARSSL_SSL_PROTO_DTLS */
 net_close( client_fd );
- }
 ssl_session_reset( &ssl );
@@ -1649,6 +1617,28 @@ reset:
 printf( " ok\n" );
+ /*
+ * With UDP, bind_fd is hijacked by client_fd, so bind a new one
+ */
+#if defined(POLARSSL_SSL_PROTO_DTLS)
+ if( opt.transport == SSL_TRANSPORT_DATAGRAM )
+ {
+ printf( " . Re-bind on udp://%s:%-4d/ ...",
+ opt.server_addr ? opt.server_addr : "*",
+ opt.server_port );
+ fflush( stdout );
+
+ if( ( ret = net_bind( &listen_fd, opt.server_addr,
+ opt.server_port, NET_PROTO_UDP ) ) != 0 )
+ {
+ printf( " failed\n ! net_bind returned -0x%x\n\n", -ret );
+ goto exit;
+ }
+
+ printf( " ok\n" );
+ }
+#endif /* POLARSSL_SSL_PROTO_DTLS */
+
 /*
 * 4. Handshake
 */
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index a4e61bc91..09a94f170 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
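Review bot: The added re-bind block in the second ssl_server2.c hunk overwrites `listen_fd` without making descriptor ownership clear on the failure path. If, as the new comment says, the bound socket now lives in `client_fd`, and `net_bind` leaves `listen_fd` untouched when it fails, the `goto exit` cleanup could close the same descriptor through both variables. Neither `net_bind`'s failure behaviour nor the `exit:` label is visible in this diff, so this needs checking; if it applies, `listen_fd = -1;` before the `net_bind` call would make ownership explicit, provided the cleanup skips -1. The comment should also record that the first hunk now closes `client_fd` even after `POLARSSL_ERR_SSL_HELLO_VERIFY_REQUIRED`, for example `/* The client socket is also closed after HelloVerifyRequest; the retry is presumably received on the new listen_fd. */`. The enclosing function starts and ends outside both hunks.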
@@ -2170,7 +2170,6 @@ run_test "DTLS proxy: reference" \
 -S "record from another epoch" \
 -C "discarding invalid record" \
 -S "discarding invalid record" \
- -C "resend" \
 -S "resend" \
 -s "Extra-header:" \
 -c "HTTP/1.0 200 OK"
@@ -2185,7 +2184,6 @@ run_test "DTLS proxy: duplicate every packet" \
 -s "replayed record" \
 -c "discarding invalid record" \
 -s "discarding invalid record" \
- -C "resend" \
 -S "resend" \
 -s "Extra-header:" \
 -c "HTTP/1.0 200 OK"
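Review bot: Removing `-C "resend"` from "DTLS proxy: reference" (and from "DTLS proxy: duplicate every packet" in the next hunk) means neither test fails any more when the client retransmits, so a spurious-retransmission regression on the client side would pass unnoticed. If the client resend is an expected consequence of the server now closing its socket after HelloVerifyRequest (inferred from the ssl_server2.c hunks, not stated in this file), a comment above each run_test call should say so, for example `# client may resend: server closes and re-binds its UDP socket after HelloVerifyRequest`. Both run_test invocations start outside their hunks, so the rest of each test's options is not visible here.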