diff --git a/ChangeLog b/ChangeLog
index c6f90a299..86a77279a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,9 @@ Changes
 * Allow enabling of dummy error_strerror() to support some use-cases
 * Debug messages about padding errors during SSL message decryption are disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL
+ * Sending of security-relevant alert messages that do not break
+ interoperability can be switched on/off with the flag
+ POLARSSL_SSL_ALL_ALERT_MESSAGES
 Security
 * Removed timing differences during SSL message decryption in
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index e7de136f7..456c77c74 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -238,6 +238,20 @@
 */
 #define POLARSSL_SELF_TEST
+/**
+ * \def POLARSSL_SSL_ALL_ALERT_MESSAGES
+ *
+ * Enable sending of alert messages in case of encountered errors as per RFC.
+ * If you choose not to send the alert messages, PolarSSL can still communicate
+ * with other servers, only debugging of failures is harder.
+ *
+ * The advantage of not sending alert messages, is that no information is given
+ * about reasons for failures thus preventing adversaries of gaining intel.
+ *
+ * Enable sending of all alert messages
+ */
+#define POLARSSL_SSL_ALERT_MESSAGES
+
 /**
 * \def POLARSSL_SSL_DEBUG_ALL
 *
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 0fae076ab..4194ac05c 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1975,6 +1975,14 @@ int ssl_read_record( ssl_context *ssl )
 {
 if( ( ret = ssl_decrypt_buf( ssl ) ) != 0 )
 {
+#if defined(POLARSSL_SSL_ALERT_MESSAGES)
+ if( ret == POLARSSL_ERR_SSL_INVALID_MAC )
+ {
+ ssl_send_alert_message( ssl,
+ SSL_ALERT_LEVEL_FATAL,
+ SSL_ALERT_MSG_BAD_RECORD_MAC );
+ }
+#endif
 SSL_DEBUG_RET( 1, "ssl_decrypt_buf", ret );
 return( ret );
 }
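Review bot: The macro documented in the config.h hunk as `\def POLARSSL_SSL_ALL_ALERT_MESSAGES`, which is also the name the ChangeLog entry advertises, is not the one that is defined or tested: the hunk adds `#define POLARSSL_SSL_ALERT_MESSAGES` and the ssl_tls.c hunk checks `#if defined(POLARSSL_SSL_ALERT_MESSAGES)`. Anyone who searches for or undefines the documented name changes nothing, so the bad_record_mac alert is still sent in a build that was meant to withhold failure reasons. Use one name everywhere, for example `#define POLARSSL_SSL_ALL_ALERT_MESSAGES` here and `#if defined(POLARSSL_SSL_ALL_ALERT_MESSAGES)` in ssl_tls.c. The closing doc line `Enable sending of all alert messages` would be clearer as a statement of how to turn the default off, such as `Comment this macro out to suppress these alert messages.`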
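Review bot: In the ssl_read_record() hunk the result of `ssl_send_alert_message()` is discarded and nothing says that is deliberate; a one-line comment such as `/* Best effort: the decrypt error in ret is what the caller must see */` would make the intent explicit. The alert is also sent only when `ret == POLARSSL_ERR_SSL_INVALID_MAC`, so any other failure code from ssl_decrypt_buf() takes a path with no alert and no extra write. ssl_decrypt_buf() is not visible here, so it is worth confirming that padding and MAC failures both return that code; otherwise the peer can tell the two apart by whether an alert arrives, which is the kind of distinction the ChangeLog's timing fix is meant to remove. The function body starts and ends outside the hunk.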