diff --git a/ChangeLog b/ChangeLog
index a2505aaf31..5d48ef84ff 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -33,6 +33,8 @@ Bugfix
 * Programs rsa_sign_pss and rsa_verify_pss were not using PSS since 1.3.0
 * Bignum's MIPS-32 assembly was used on MIPS-64, causing chaos. (Found by
 Alex Wilson.)
+ * Fixed bug in ssl_cache: when max_entries = 0 and TIMING_C is enabled,
+ entries would still be created.
 
 = PolarSSL 1.3.4 released on 2014-01-27
 Features
diff --git a/include/polarssl/ssl_cache.h b/include/polarssl/ssl_cache.h
index daa07acb63..16144fee87 100644
--- a/include/polarssl/ssl_cache.h
+++ b/include/polarssl/ssl_cache.h
@@ -106,7 +106,7 @@ int ssl_cache_set( void *data, const ssl_session *session );
 * A timeout of 0 indicates no timeout.
 *
 * \param cache SSL cache context
- * \param timeout cache entry timeout
+ * \param timeout cache entry timeout in seconds
 */
 void ssl_cache_set_timeout( ssl_cache_context *cache, int timeout );
 #endif /* POLARSSL_HAVE_TIME */
diff --git a/library/ssl_cache.c b/library/ssl_cache.c
index 6fff54b327..d94a7d9f43 100644
--- a/library/ssl_cache.c
+++ b/library/ssl_cache.c
@@ -186,8 +186,14 @@ int ssl_cache_set( void *data, const ssl_session *session )
 /*
 * Reuse oldest entry if max_entries reached
 */
- if( old != NULL && count >= cache->max_entries )
+ if( count >= cache->max_entries )
 {
+ if( old == NULL )
+ {
+ ret = 1;
+ goto exit;
+ }
+
 cur = old;
 memset( &cur->session, 0, sizeof(ssl_session) );
 #if defined(POLARSSL_X509_CRT_PARSE_C)
@@ -228,6 +234,9 @@ int ssl_cache_set( void *data, const ssl_session *session )
 #endif /* POLARSSL_HAVE_TIME */
 else
 {
+ /*
+ * max_entries not reached, create new entry
+ */
 cur = (ssl_cache_entry *) polarssl_malloc( sizeof(ssl_cache_entry) );
 if( cur == NULL )
 {
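Review bot: In library/ssl_cache.c (hunk `-186,8 +186,14`), the new `old == NULL` branch sets a bare `ret = 1` with no comment saying when it is reached or what the caller should conclude from it. From the visible lines it fires when `count >= cache->max_entries` and no entry was selected for eviction; the search loop is outside this hunk, so it is only inferred that this means an empty chain, i.e. `max_entries` of 0 or less. I would add a comment above the check, for example `/* Nothing to evict: caching is disabled (max_entries <= 0), do not store the session */`, so the refusal to retain session state reads as intentional. The commit also carries no regression test, and one that sets `max_entries` to 0 with POLARSSL_HAVE_TIME defined and checks that the chain stays empty would keep the fix from regressing. ssl_cache_set starts and ends outside the hunk, so it cannot be confirmed here that the `exit` label releases anything acquired earlier or that the build without POLARSSL_HAVE_TIME has an equivalent guard.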