diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 7fac0ab0a..92c99fb5b 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1683,17 +1683,26 @@ reset:
 printf( " . Performing the SSL/TLS handshake..." );
 fflush( stdout );
 
- while( ( ret = ssl_handshake( &ssl ) ) != 0 )
- {
- if( ret != POLARSSL_ERR_NET_WANT_READ && ret != POLARSSL_ERR_NET_WANT_WRITE )
- {
- printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
- goto reset;
- }
- }
+ do ret = ssl_handshake( &ssl );
+ while( ret == POLARSSL_ERR_NET_WANT_READ ||
+ ret == POLARSSL_ERR_NET_WANT_WRITE );
 
- printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
- ssl_get_version( &ssl ), ssl_get_ciphersuite( &ssl ) );
+ if( ret == POLARSSL_ERR_SSL_HELLO_VERIFY_REQUIRED )
+ {
+ printf( " hello verification requested\n" );
+ ret = 0;
+ goto reset;
+ }
+ else if( ret != 0 )
+ {
+ printf( " failed\n ! ssl_handshake returned -0x%x\n\n", -ret );
+ goto reset;
+ }
+ else /* ret == 0 */
+ {
+ printf( " ok\n [ Protocol is %s ]\n [ Ciphersuite is %s ]\n",
+ ssl_get_version( &ssl ), ssl_get_ciphersuite( &ssl ) );
+ }
 
 #if defined(POLARSSL_SSL_ALPN)
 if( opt.alpn_string != NULL )
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index e9a097141..c6f170ae7 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2046,6 +2046,7 @@ run_test "DTLS cookie: enabled" \
 -s "cookie verification passed" \
 -S "cookie verification skipped" \
 -c "received hello verify request" \
+ -s "hello verification requested" \
 -S "SSL - The requested feature is not available"
 
 run_test "DTLS cookie: disabled" \
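Review bot: The `POLARSSL_ERR_SSL_HELLO_VERIFY_REQUIRED` branch clears `ret` and jumps to `reset` without saying why, so a reader who does not know the DTLS cookie exchange will take it for a swallowed error. A comment above `ret = 0;` such as `/* Not an error: the ClientHello had no valid cookie and a HelloVerifyRequest was sent; start over and wait for the client to retry */` would make the intent explicit. What `reset` does with a non-zero `ret` is outside this hunk, so the reason for clearing it is presumably to skip the error report there. The unbraced `do ret = ssl_handshake( &ssl );` is also easy to misread next to the two-line `while` condition; `do { ret = ssl_handshake( &ssl ); }` is safer to edit later.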
@@ -2056,18 +2057,19 @@ run_test "DTLS cookie: disabled" \
 -S "cookie verification passed" \
 -s "cookie verification skipped" \
 -C "received hello verify request" \
+ -S "hello verification requested" \
 -S "SSL - The requested feature is not available"
 
-# wait for client having a timeout, or server sending an alert
-#run_test "DTLS cookie: default (failing)" \
-# "$P_SRV dtls=1 debug_level=2 cookies=-1" \
-# "$P_CLI dtls=1 debug_level=2" \
-# 0 \
-# -S "cookie verification failed" \
-# -S "cookie verification passed" \
-# -S "cookie verification skipped" \
-# -C "received hello verify request" \
-# -s "SSL - The requested feature is not available"
+run_test "DTLS cookie: default (failing)" \
+ "$P_SRV dtls=1 debug_level=2 cookies=-1" \
+ "$P_CLI dtls=1 debug_level=2 hs_timeout=100-400" \
+ 1 \
+ -s "cookie verification failed" \
+ -S "cookie verification passed" \
+ -S "cookie verification skipped" \
+ -C "received hello verify request" \
+ -S "hello verification requested" \
+ -s "SSL - The requested feature is not available"
 
 requires_ipv6
 run_test "DTLS cookie: enabled, IPv6" \
@@ -2078,6 +2080,7 @@ run_test "DTLS cookie: enabled, IPv6" \
 -s "cookie verification passed" \
 -S "cookie verification skipped" \
 -c "received hello verify request" \
+ -s "hello verification requested" \
 -S "SSL - The requested feature is not available"
 
 run_test "DTLS cookie: enabled, nbio" \
@@ -2088,6 +2091,7 @@ run_test "DTLS cookie: enabled, nbio" \
 -s "cookie verification passed" \
 -S "cookie verification skipped" \
 -c "received hello verify request" \
+ -s "hello verification requested" \
 -S "SSL - The requested feature is not available"
 
 # Tests for various cases of client authentication with DTLS
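Review bot: The re-enabled `DTLS cookie: default (failing)` test loses the only explanation of how it terminates. The deleted comment said the case had to wait for a client timeout or a server alert, while the new version expects exit code `1` without saying which of the two produces it. Judging by the added `hs_timeout=100-400`, the client giving up on its handshake retransmissions is presumably what ends the run. A line above `run_test` such as `# server rejects every ClientHello (feature not available); the client exits non-zero once hs_timeout expires` would keep that in the file, once the author has confirmed the mechanism.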