diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index f0b1ec1bb9..de517d6a14 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -248,6 +248,13 @@
 
 /*
  * DTLS retransmission states, see RFC 6347 4.2.4
+ *
+ * Warning: the state is sometimes explicit sometimes implicit!
+ * - PREPARING is explicit (but could be implicit from ssl->state)
+ * - SENDING is merged in PREPARING for initial sends, explicit for resends
+ * - WAITING is usually implicit from ssl->state, except after resend
+ * - FINISHED is explicit (but could be implicit from state)
+ * TODO-DTLS: clean that up
  */
 #define SSL_RETRANS_PREPARING       0
 #define SSL_RETRANS_SENDING         1
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 04c199e676..333e58e2c1 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -2206,7 +2206,10 @@ int ssl_resend( ssl_context *ssl )
         }
     }
 
-    ssl->handshake->retransmit_state = SSL_RETRANS_WAITING;
+    if( ssl->state == SSL_HANDSHAKE_OVER )
+        ssl->handshake->retransmit_state = SSL_RETRANS_FINISHED;
+    else
+        ssl->handshake->retransmit_state = SSL_RETRANS_WAITING;
 
     SSL_DEBUG_MSG( 2, ( "<= ssl_resend" ) );