diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
index 8ba3e8e39..9f964dabe 100644
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -1552,6 +1552,15 @@ done:
 }
 
 
+void
+ngx_ssl_remove_cached_session(SSL_CTX *ssl, ngx_ssl_session_t *sess)
+{
+     SSL_CTX_remove_session(ssl, sess);
+
+     ngx_ssl_remove_session(ssl, sess);
+}
+
+
 static void
 ngx_ssl_remove_session(SSL_CTX *ssl, ngx_ssl_session_t *sess)
 {
@@ -1567,6 +1576,10 @@ ngx_ssl_remove_session(SSL_CTX *ssl, ngx_ssl_session_t *sess)
 
     shm_zone = SSL_CTX_get_ex_data(ssl, ngx_ssl_session_cache_index);
 
+    if (shm_zone == NULL) {
+        return;
+    }
+
     cache = shm_zone->data;
 
     id = sess->session_id;
diff --git a/src/event/ngx_event_openssl.h b/src/event/ngx_event_openssl.h
index e027dde86..b9771c121 100644
--- a/src/event/ngx_event_openssl.h
+++ b/src/event/ngx_event_openssl.h
@@ -105,6 +105,7 @@ ngx_int_t ngx_ssl_session_cache(ngx_ssl_t *ssl, ngx_str_t *sess_ctx,
 ngx_int_t ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c,
     ngx_uint_t flags);
 
+void ngx_ssl_remove_cached_session(SSL_CTX *ssl, ngx_ssl_session_t *sess);
 ngx_int_t ngx_ssl_set_session(ngx_connection_t *c, ngx_ssl_session_t *session);
 #define ngx_ssl_get_session(c)      SSL_get1_session(c->ssl->connection)
 #define ngx_ssl_free_session        SSL_SESSION_free
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 8c72659d3..d87f77d54 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -1430,6 +1430,10 @@ ngx_http_process_request(ngx_http_request_t *r)
                 ngx_log_error(NGX_LOG_INFO, c->log, 0,
                               "client SSL certificate verify error: (%l:%s)",
                               rc, X509_verify_cert_error_string(rc));
+
+                ngx_ssl_remove_cached_session(sscf->ssl.ctx,
+                                       (SSL_get0_session(c->ssl->connection)));
+
                 ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR);
                 return;
             }
@@ -1439,6 +1443,10 @@ ngx_http_process_request(ngx_http_request_t *r)
             {
                 ngx_log_error(NGX_LOG_INFO, c->log, 0,
                               "client sent no required SSL certificate");
+
+                ngx_ssl_remove_cached_session(sscf->ssl.ctx,
+                                       (SSL_get0_session(c->ssl->connection)));
+
                 ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT);
                 return;
             }