diff -up openssl-1.0.1e/ssl/d1_both.c.dtls1-dos2 openssl-1.0.1e/ssl/d1_both.c
--- openssl-1.0.1e/ssl/d1_both.c.dtls1-dos2	2016-09-20 15:53:03.748445806 +0200
+++ openssl-1.0.1e/ssl/d1_both.c	2016-09-20 16:12:01.422861505 +0200
@@ -211,7 +211,7 @@ dtls1_hm_fragment_new(unsigned long frag
 	return frag;
 	}
 
-static void
+void
 dtls1_hm_fragment_free(hm_fragment *frag)
 	{
 
@@ -544,11 +544,26 @@ dtls1_retrieve_buffered_fragment(SSL *s,
 	int al;
 
 	*ok = 0;
-	item = pqueue_peek(s->d1->buffered_messages);
-	if ( item == NULL)
-		return 0;
+	do
+		{
+		item = pqueue_peek(s->d1->buffered_messages);
+		if (item == NULL)
+			return 0;
+
+		frag = (hm_fragment *)item->data;
+
+		if (frag->msg_header.seq < s->d1->handshake_read_seq)
+			{
+			/* This is a stale message that has been buffered so clear it */
+			pqueue_pop(s->d1->buffered_messages);
+			dtls1_hm_fragment_free(frag);
+			pitem_free(item);
+			item = NULL;
+			frag = NULL;
+			}
+		}
+	while (item == NULL);
 
-	frag = (hm_fragment *)item->data;
 	
 	/* Don't return if reassembly still in progress */
 	if (frag->reassembly != NULL)
@@ -1339,21 +1354,6 @@ dtls1_retransmit_message(SSL *s, unsigne
 	return ret;
 	}
 
-/* call this function when the buffered messages are no longer needed */
-void
-dtls1_clear_record_buffer(SSL *s)
-	{
-	pitem *item;
-
-	for(item = pqueue_pop(s->d1->sent_messages);
-		item != NULL; item = pqueue_pop(s->d1->sent_messages))
-		{
-		dtls1_hm_fragment_free((hm_fragment *)item->data);
-		pitem_free(item);
-		}
-	}
-
-
 unsigned char *
 dtls1_set_message_header(SSL *s, unsigned char *p, unsigned char mt,
 			unsigned long len, unsigned long frag_off, unsigned long frag_len)
diff -up openssl-1.0.1e/ssl/d1_clnt.c.dtls1-dos2 openssl-1.0.1e/ssl/d1_clnt.c
--- openssl-1.0.1e/ssl/d1_clnt.c.dtls1-dos2	2016-09-20 15:53:03.748445806 +0200
+++ openssl-1.0.1e/ssl/d1_clnt.c	2016-09-20 15:58:38.292200957 +0200
@@ -739,6 +739,7 @@ int dtls1_connect(SSL *s)
 			/* done with handshaking */
 			s->d1->handshake_read_seq  = 0;
 			s->d1->next_handshake_write_seq = 0;
+			dtls1_clear_received_buffer(s);
 			goto end;
 			/* break; */
 			
diff -up openssl-1.0.1e/ssl/d1_lib.c.dtls1-dos2 openssl-1.0.1e/ssl/d1_lib.c
--- openssl-1.0.1e/ssl/d1_lib.c.dtls1-dos2	2016-09-20 15:53:03.749445830 +0200
+++ openssl-1.0.1e/ssl/d1_lib.c	2016-09-20 16:18:10.046443374 +0200
@@ -133,7 +133,6 @@ int dtls1_new(SSL *s)
 static void dtls1_clear_queues(SSL *s)
 	{
     pitem *item = NULL;
-    hm_fragment *frag = NULL;
 	DTLS1_RECORD_DATA *rdata;
 
     while( (item = pqueue_pop(s->d1->unprocessed_rcds.q)) != NULL)
@@ -158,32 +157,45 @@ static void dtls1_clear_queues(SSL *s)
         pitem_free(item);
         }
 
-    while( (item = pqueue_pop(s->d1->buffered_messages)) != NULL)
-        {
+    while ((item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
+	{
+        rdata = (DTLS1_RECORD_DATA *)item->data;
+        if (rdata->rbuf.buf)
+		{
+		OPENSSL_free(rdata->rbuf.buf);
+		}
+        OPENSSL_free(item->data);
+        pitem_free(item);
+	}
+
+    dtls1_clear_received_buffer(s);
+    dtls1_clear_sent_buffer(s);
+	}
+
+void dtls1_clear_received_buffer(SSL *s)
+	{
+    pitem *item = NULL;
+    hm_fragment *frag = NULL;
+
+    while ((item = pqueue_pop(s->d1->buffered_messages)) != NULL)
+	{
         frag = (hm_fragment *)item->data;
-        OPENSSL_free(frag->fragment);
-        OPENSSL_free(frag);
+        dtls1_hm_fragment_free(frag);
         pitem_free(item);
         }
+	}
 
-    while ( (item = pqueue_pop(s->d1->sent_messages)) != NULL)
-        {
+void dtls1_clear_sent_buffer(SSL *s)
+	{
+    pitem *item = NULL;
+    hm_fragment *frag = NULL;
+
+    while ((item = pqueue_pop(s->d1->sent_messages)) != NULL)
+	{
         frag = (hm_fragment *)item->data;
-        OPENSSL_free(frag->fragment);
-        OPENSSL_free(frag);
+        dtls1_hm_fragment_free(frag);
         pitem_free(item);
         }
-
-	while ( (item = pqueue_pop(s->d1->buffered_app_data.q)) != NULL)
-		{
-		rdata = (DTLS1_RECORD_DATA *) item->data;
-		if (rdata->rbuf.buf)
-			{
-			OPENSSL_free(rdata->rbuf.buf);
-			}
-		OPENSSL_free(item->data);
-		pitem_free(item);
-		}
 	}
 
 void dtls1_free(SSL *s)
@@ -410,7 +422,7 @@ void dtls1_stop_timer(SSL *s)
 	s->d1->timeout_duration = 1;
 	BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0, &(s->d1->next_timeout));
 	/* Clear retransmission buffer */
-	dtls1_clear_record_buffer(s);
+	dtls1_clear_sent_buffer(s);
 	}
 
 int dtls1_check_timeout_num(SSL *s)
diff -up openssl-1.0.1e/ssl/d1_pkt.c.dtls1-dos2 openssl-1.0.1e/ssl/d1_pkt.c
--- openssl-1.0.1e/ssl/d1_pkt.c.dtls1-dos2	2016-09-20 15:53:17.246758715 +0200
+++ openssl-1.0.1e/ssl/d1_pkt.c	2016-09-20 16:14:33.020390824 +0200
@@ -1900,6 +1900,12 @@ dtls1_reset_seq_numbers(SSL *s, int rw)
 		s->d1->r_epoch++;
 		memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP));
 		memset(&(s->d1->next_bitmap), 0x00, sizeof(DTLS1_BITMAP));
+
+		/*
+		 * We must not use any buffered messages received from the previous
+		 * epoch
+		 */
+		dtls1_clear_received_buffer(s);
 		}
 	else
 		{
diff -up openssl-1.0.1e/ssl/d1_srvr.c.dtls1-dos2 openssl-1.0.1e/ssl/d1_srvr.c
--- openssl-1.0.1e/ssl/d1_srvr.c.dtls1-dos2	2016-09-20 15:53:03.750445853 +0200
+++ openssl-1.0.1e/ssl/d1_srvr.c	2016-09-20 16:15:39.699943181 +0200
@@ -276,7 +276,7 @@ int dtls1_accept(SSL *s)
 		case SSL3_ST_SW_HELLO_REQ_B:
 
 			s->shutdown=0;
-			dtls1_clear_record_buffer(s);
+			dtls1_clear_sent_buffer(s);
 			dtls1_start_timer(s);
 			ret=dtls1_send_hello_request(s);
 			if (ret <= 0) goto end;
@@ -811,6 +811,7 @@ int dtls1_accept(SSL *s)
 			/* next message is server hello */
 			s->d1->handshake_write_seq = 0;
 			s->d1->next_handshake_write_seq = 0;
+			dtls1_clear_received_buffer(s);
 			goto end;
 			/* break; */
 
diff -up openssl-1.0.1e/ssl/ssl_locl.h.dtls1-dos2 openssl-1.0.1e/ssl/ssl_locl.h
--- openssl-1.0.1e/ssl/ssl_locl.h.dtls1-dos2	2016-09-20 15:53:03.751445876 +0200
+++ openssl-1.0.1e/ssl/ssl_locl.h	2016-09-20 16:11:36.288276350 +0200
@@ -974,7 +974,8 @@ int dtls1_retransmit_message(SSL *s, uns
 	unsigned long frag_off, int *found);
 int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
 int dtls1_retransmit_buffered_messages(SSL *s);
-void dtls1_clear_record_buffer(SSL *s);
+void dtls1_clear_received_buffer(SSL *s);
+void dtls1_clear_sent_buffer(SSL *s);
 void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr);
 void dtls1_get_ccs_header(unsigned char *data, struct ccs_header_st *ccs_hdr);
 void dtls1_reset_seq_numbers(SSL *s, int rw);
@@ -989,6 +990,7 @@ int dtls1_is_timer_expired(SSL *s);
 void dtls1_double_timeout(SSL *s);
 int dtls1_send_newsession_ticket(SSL *s);
 unsigned int dtls1_min_mtu(void);
+void dtls1_hm_fragment_free(hm_fragment *frag);
 
 /* some client-only functions */
 int ssl3_client_hello(SSL *s);