diff --git a/ChangeLog b/ChangeLog
index 9ce5b8399..89d159ffd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -19,6 +19,7 @@ Security
      "triple handshake" attack when authentication mode is optional (the
      attack was already impossible when authentication is required).
    * Check notBefore timestamp of certificates and CRLs from the future.
+   * Forbid sequence number wrapping
 
 Bugfix
    * ecp_gen_keypair() does more tries to prevent failure because of
diff --git a/include/polarssl/error.h b/include/polarssl/error.h
index 33a2c88ea..ae460142f 100644
--- a/include/polarssl/error.h
+++ b/include/polarssl/error.h
@@ -89,7 +89,7 @@
  * ECP       4   7 (Started from top)
  * MD        5   4
  * CIPHER    6   6
- * SSL       6   8 (Started from top)
+ * SSL       6   9 (Started from top)
  * SSL       7   31
  *
  * Module dependent error code (5 bits 0x.00.-0x.F8.)
diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h
index d610052c9..1904ac908 100644
--- a/include/polarssl/ssl.h
+++ b/include/polarssl/ssl.h
@@ -139,6 +139,7 @@
 #define POLARSSL_ERR_SSL_PK_TYPE_MISMATCH                  -0x6D00  /**< Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */
 #define POLARSSL_ERR_SSL_UNKNOWN_IDENTITY                  -0x6C80  /**< Unkown identity received (eg, PSK identity) */
 #define POLARSSL_ERR_SSL_INTERNAL_ERROR                    -0x6C00  /**< Internal error (eg, unexpected failure in lower-level module) */
+#define POLARSSL_ERR_SSL_COUNTER_WRAPPING                  -0x6B80  /**< A counter would wrap (eg, too many messages exchanged). */
 
 /*
  * Various constants
diff --git a/library/error.c b/library/error.c
index 64dc0f525..4aa167f61 100644
--- a/library/error.c
+++ b/library/error.c
@@ -433,6 +433,8 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
             snprintf( buf, buflen, "SSL - Unkown identity received (eg, PSK identity)" );
         if( use_ret == -(POLARSSL_ERR_SSL_INTERNAL_ERROR) )
             snprintf( buf, buflen, "SSL - Internal error (eg, unexpected failure in lower-level module)" );
+        if( use_ret == -(POLARSSL_ERR_SSL_COUNTER_WRAPPING) )
+            snprintf( buf, buflen, "SSL - A counter would wrap (eg, too many messages exchanged)" );
 #endif /* POLARSSL_SSL_TLS_C */
 
 #if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 4f3095caa..20cb9bdc7 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1309,6 +1309,13 @@ static int ssl_encrypt_buf( ssl_context *ssl )
         if( ++ssl->out_ctr[i - 1] != 0 )
             break;
 
+    /* The loops goes to its end iff the counter is wrapping */
+    if( i == 0 )
+    {
+        SSL_DEBUG_MSG( 1, ( "outgoing message counter would wrap" ) );
+        return( POLARSSL_ERR_SSL_COUNTER_WRAPPING );
+    }
+
     SSL_DEBUG_MSG( 2, ( "<= encrypt buf" ) );
 
     return( 0 );
@@ -1775,6 +1782,13 @@ static int ssl_decrypt_buf( ssl_context *ssl )
         if( ++ssl->in_ctr[i - 1] != 0 )
             break;
 
+    /* The loops goes to its end iff the counter is wrapping */
+    if( i == 0 )
+    {
+        SSL_DEBUG_MSG( 1, ( "incoming message counter would wrap" ) );
+        return( POLARSSL_ERR_SSL_COUNTER_WRAPPING );
+    }
+
     SSL_DEBUG_MSG( 2, ( "<= decrypt buf" ) );
 
     return( 0 );