diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 2d54172818..fd01aacac7 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -57,6 +57,16 @@ typedef enum {
 MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET = 1,
 } mbedtls_ssl_context_flags_t;
 
+/** Flags from ::mbedtls_ssl_context_flags_t to keep in
+ * mbedtls_ssl_session_reset().
+ *
+ * The flags that are in this list are kept until explicitly updated or
+ * until mbedtls_ssl_free(). The flags that are not listed here are
+ * reset to 0 in mbedtls_ssl_session_reset().
+ */
+#define MBEDTLS_SSL_CONTEXT_FLAGS_KEEP_AT_SESSION \
+ (MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET)
+
 #define MBEDTLS_SSL_INITIAL_HANDSHAKE 0
 #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS 1 /* In progress */
 #define MBEDTLS_SSL_RENEGOTIATION_DONE 2 /* Done or aborted */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 6c401b59bd..0b072e6a76 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1411,7 +1411,7 @@ int mbedtls_ssl_session_reset_int(mbedtls_ssl_context *ssl, int partial)
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
 ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
- ssl->flags = 0;
+ ssl->flags &= MBEDTLS_SSL_CONTEXT_FLAGS_KEEP_AT_SESSION;
 ssl->tls_version = ssl->conf->max_tls_version;
 
 mbedtls_ssl_session_reset_msg_layer(ssl, partial);
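Review bot: The comment on `MBEDTLS_SSL_CONTEXT_FLAGS_KEEP_AT_SESSION` names only mbedtls_ssl_session_reset(), while the mask is applied in mbedtls_ssl_session_reset_int(), which also takes a `partial` argument, so it should say that the mask applies on every reset path. Because the mask is combined with `&`, the comment should also state that each value in mbedtls_ssl_context_flags_t must be a distinct bit and that whoever adds a flag has to decide whether it belongs in this list. A sentence such as `Each flag is a single bit; when adding one, list it here only if it records application configuration rather than per-connection state.` would cover both. That configuration-versus-connection distinction is my reading of the one flag listed, so please confirm it matches the intent.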
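Review bot: The masked assignment `ssl->flags &= MBEDTLS_SSL_CONTEXT_FLAGS_KEEP_AT_SESSION;` carries no comment saying why some flags must survive a reset, and the hunk shows no test for the new behaviour. Keeping MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET is only correct if the hostname it describes is also left in place by this function, which cannot be checked from here because the body of mbedtls_ssl_session_reset_int() starts and ends outside the hunk. I would add `/* Keep flags that describe application settings outliving the session (MBEDTLS_SSL_CONTEXT_FLAGS_KEEP_AT_SESSION); clear the rest. */` above the line. A regression test should set a hostname, reset the session and check that a second handshake on the same context still verifies the peer certificate against that hostname.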