Index: ssl/d1_clnt.c
===================================================================
RCS file: /v/openssl/cvs/openssl/ssl/d1_clnt.c,v
retrieving revision 1.16.2.15.2.6
diff -u -r1.16.2.15.2.6 d1_clnt.c
--- ssl/d1_clnt.c	31 Dec 2011 23:00:35 -0000	1.16.2.15.2.6
+++ ssl/d1_clnt.c	2 Mar 2012 12:02:05 -0000
@@ -329,7 +329,6 @@
 			if (ret <= 0) goto end;
 			else
 				{
-				dtls1_stop_timer(s);
 				if (s->hit)
 					{
 #ifndef OPENSSL_NO_SCTP
@@ -440,6 +439,7 @@
 		case SSL3_ST_CR_SRVR_DONE_B:
 			ret=ssl3_get_server_done(s);
 			if (ret <= 0) goto end;
+			dtls1_stop_timer(s);
 			if (s->s3->tmp.cert_req)
 				s->s3->tmp.next_state=SSL3_ST_CW_CERT_A;
 			else
Index: ssl/d1_srvr.c
===================================================================
RCS file: /v/openssl/cvs/openssl/ssl/d1_srvr.c,v
retrieving revision 1.20.2.16.2.13
diff -u -r1.20.2.16.2.13 d1_srvr.c
--- ssl/d1_srvr.c	31 Dec 2011 23:00:35 -0000	1.20.2.16.2.13
+++ ssl/d1_srvr.c	2 Mar 2012 12:02:05 -0000
@@ -591,15 +591,16 @@
 			ret = ssl3_check_client_hello(s);
 			if (ret <= 0)
 				goto end;
-			dtls1_stop_timer(s);
 			if (ret == 2)
+				{
+				dtls1_stop_timer(s);
 				s->state = SSL3_ST_SR_CLNT_HELLO_C;
+				}
 			else {
 				/* could be sent for a DH cert, even if we
 				 * have not asked for it :-) */
 				ret=ssl3_get_client_certificate(s);
 				if (ret <= 0) goto end;
-				dtls1_stop_timer(s);
 				s->init_num=0;
 				s->state=SSL3_ST_SR_KEY_EXCH_A;
 			}
@@ -609,7 +610,6 @@
 		case SSL3_ST_SR_KEY_EXCH_B:
 			ret=ssl3_get_client_key_exchange(s);
 			if (ret <= 0) goto end;
-			dtls1_stop_timer(s);
 #ifndef OPENSSL_NO_SCTP
 			/* Add new shared key for SCTP-Auth,
 			 * will be ignored if no SCTP used.
@@ -661,7 +661,6 @@
 			/* we should decide if we expected this one */
 			ret=ssl3_get_cert_verify(s);
 			if (ret <= 0) goto end;
-			dtls1_stop_timer(s);
 #ifndef OPENSSL_NO_SCTP
 			if (BIO_dgram_is_sctp(SSL_get_wbio(s)) &&
 			    state == SSL_ST_RENEGOTIATE)