diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 0f55d2652d3e21925001419cbfe69128d39adff8..6f578168101e3d98f486fbe44daa10cad577b412 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -1615,8 +1615,9 @@ static int tls_early_post_process_client_hello(SSL *s, int *pal)
             al = SSL_AD_HANDSHAKE_FAILURE;
             goto err;
         }
-        if (s->hello_retry_request && s->s3->tmp.new_cipher != NULL
-                && s->s3->tmp.new_cipher->id != cipher->id) {
+        if (s->hello_retry_request
+                && (s->s3->tmp.new_cipher == NULL
+                    || s->s3->tmp.new_cipher->id != cipher->id)) {
             /*
              * A previous HRR picked a different ciphersuite to the one we
              * just selected. Something must have changed.