diff --git a/include/polarssl/check_config.h b/include/polarssl/check_config.h
index 9fa19c834..56d84414b 100644
--- a/include/polarssl/check_config.h
+++ b/include/polarssl/check_config.h
@@ -263,6 +263,10 @@
 #error "Illegal protocol selection"
 #endif
+#if defined(POLARSSL_SSL_COOKIE_C) && !defined(POLARSSL_SSL_DTLS_HELLO_VERIFY)
+#error "POLARSSL_SSL_COOKIE_C defined, but not all prerequisites"
+#endif
+
 #if defined(POLARSSL_SSL_DTLS_HELLO_VERIFY) && \
 ( !defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_SSL_PROTO_DTLS) )
 #error "POLARSSL_SSL_DTLS_HELLO_VERIFY defined, but not all prerequisites"
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 4988f39f6..abca55fb6 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -1930,6 +1930,18 @@
 */
 #define POLARSSL_SSL_CACHE_C
+/**
+ * \def POLARSSL_SSL_COOKIE_C
+ *
+ * Enable basic implementation of DTLS cookies for hello verification.
+ *
+ * Module: library/ssl_cookie.c
+ * Caller:
+ *
+ * Requires: POLARSSL_SSL_DTLS_HELLO_VERIFY
+ */
+#define POLARSSL_SSL_COOKIE_C
+
 /**
 * \def POLARSSL_SSL_CLI_C
 *
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index abf9e15fc..86cdc12ac 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -33,7 +33,7 @@
 #include POLARSSL_CONFIG_FILE
 #endif
-#if defined(POLARSSL_SSL_DTLS_HELLO_VERIFY)
+#if defined(POLARSSL_SSL_COOKIE_C)
 #include "polarssl/ssl_cookie.h"
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 3186accd1..62eea2887 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -81,7 +81,7 @@ int main( int argc, char *argv[] )
 #include "polarssl/ssl_cache.h"
 #endif
-#if defined(POLARSSL_SSL_DTLS_HELLO_VERIFY)
+#if defined(POLARSSL_SSL_COOKIE_C)
 #include "polarssl/ssl_cookie.h"
 #endif
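Review bot: The new `\def POLARSSL_SSL_COOKIE_C` block in include/polarssl/config.h leaves `Caller:` empty and does not say what a build that keeps POLARSSL_SSL_DTLS_HELLO_VERIFY but comments this module out is expected to do. The cookie exchange is what stops a DTLS server from replying at length to ClientHellos sent with a forged source address, so a reader who disables the define should be told that cookie generation and checking then has to come from the application, for example with ` * If disabled, the application has to supply its own cookie functions.` under the description line. How the library behaves when no cookie functions are registered is not visible in this diff, so that sentence should be checked against the server-side handshake code before it is added.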
@@ -605,7 +605,7 @@ int main( int argc, char *argv[] )
 #endif
 const char *pers = "ssl_server2";
 unsigned char client_ip[16] = { 0 };
-#if defined(POLARSSL_SSL_DTLS_HELLO_VERIFY)
+#if defined(POLARSSL_SSL_COOKIE_C)
 ssl_cookie_ctx cookie_ctx;
 #endif
@@ -665,7 +665,7 @@ int main( int argc, char *argv[] )
 #if defined(POLARSSL_SSL_ALPN)
 memset( (void *) alpn_list, 0, sizeof( alpn_list ) );
 #endif
-#if defined(POLARSSL_SSL_DTLS_HELLO_VERIFY)
+#if defined(POLARSSL_SSL_COOKIE_C)
 ssl_cookie_init( &cookie_ctx );
 #endif
@@ -1354,7 +1354,7 @@ int main( int argc, char *argv[] )
 ssl_set_session_ticket_lifetime( &ssl, opt.ticket_timeout );
 #endif
-#if defined(POLARSSL_SSL_DTLS_HELLO_VERIFY)
+#if defined(POLARSSL_SSL_COOKIE_C)
 if( opt.transport == SSL_TRANSPORT_DATAGRAM )
 {
 if( ( ret = ssl_cookie_setup( &cookie_ctx,
@@ -1860,7 +1860,7 @@ exit:
 #if defined(POLARSSL_SSL_CACHE_C)
 ssl_cache_free( &cache );
 #endif
-#if defined(POLARSSL_SSL_DTLS_HELLO_VERIFY)
+#if defined(POLARSSL_SSL_COOKIE_C)
 ssl_cookie_free( &cookie_ctx );
 #endif
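Review bot: In the `@@ -1354` hunk of programs/ssl/ssl_server2.c the cookie setup for `SSL_TRANSPORT_DATAGRAM` is now compiled only with POLARSSL_SSL_COOKIE_C, and nothing visible covers a build that keeps POLARSSL_SSL_DTLS_HELLO_VERIFY but drops the cookie module. In that build the server would take the datagram path without configuring any cookie functions, and whether the handshake then fails or runs without ClientHello verification cannot be told from this diff. I would add an `#elif defined(POLARSSL_SSL_DTLS_HELLO_VERIFY)` branch that refuses or at least reports the case, along the lines of `if( opt.transport == SSL_TRANSPORT_DATAGRAM ) printf( " ! built without POLARSSL_SSL_COOKIE_C: no cookie functions configured\n" );`. The guarded block continues past the end of the hunk, so the matching `#endif` and any existing fallback are not shown.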