diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 7f2041b51..8af5f6429 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -112,7 +112,12 @@
 
 #define MAX_PSK_LEN     256
 
-/* Size of the basic I/O buffer. Able to hold our default response. */
+/*
+ * Size of the basic I/O buffer. Able to hold our default response.
+ *
+ * You will need to adapt the ssl_get_bytes_avail() test in ssl-opt.sh
+ * if you change this value to something outside the range <= 100 or > 500
+ */
 #define IO_BUF_LEN      200
 
 /*
@@ -1491,9 +1496,10 @@ reset:
             memset( larger_buf, 0, ori_len + extra_len );
             memcpy( larger_buf, buf, ori_len );
 
-            /* This read should never fail */
+            /* This read should never fail and get the whole cached data */
             ret = ssl_read( &ssl, larger_buf + ori_len, extra_len );
-            if( ret != extra_len )
+            if( ret != extra_len ||
+                ssl_get_bytes_avail( &ssl ) != 0 )
             {
                 printf( "  ! ssl_read failed on cached data\n" );
                 ret = 1;
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 724e2de25..9ec123c94 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1352,6 +1352,19 @@ run_test    "Per-version suites #4" \
             0 \
             -c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256"
 
+# Tests for ssl_get_bytes_avail()
+
+run_test    "ssl_get_bytes_avail #1 (no extra data)" \
+            "$P_SRV" \
+            "$P_CLI request_size=100" \
+            0 \
+            -s "Read from client: 100 bytes read$"
+
+run_test    "ssl_get_bytes_avail #2 (extra data)" \
+            "$P_SRV" \
+            "$P_CLI request_size=500" \
+            0 \
+            -s "Read from client: 500 bytes read (.*+.*)"
 
 # Final report