diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 5c6832e044..94e61a8aca 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -882,6 +882,20 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl)
         return ret;
     }
 
+    /*
+     * Update the handshake checksum.
+     *
+     * Note that the checksum must be updated before parsing the extensions
+     * because ssl_parse_session_ticket_ext() may decrypt the ticket in place
+     * and therefore modify the ClientHello message. This occurs when using
+     * the Mbed TLS ssl_ticket.c implementation.
+     */
+    ret = mbedtls_ssl_update_handshake_status(ssl);
+    if (0 != ret) {
+        MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_update_handshake_status"), ret);
+        return ret;
+    }
+
     buf = ssl->in_msg;
     msg_len = ssl->in_hslen;
 
@@ -1087,21 +1101,6 @@ static int ssl_parse_client_hello(mbedtls_ssl_context *ssl)
         ext_len = 0;
     }
 
-    /*
-     * Update the handshake checksum after performing preliminary
-     * validation of the ClientHello and before parsing its extensions.
-     *
-     * The checksum must be updated before parsing the extensions because
-     * ssl_parse_session_ticket_ext() may decrypt the ticket in place and
-     * therefore modify the ClientHello message. This occurs when using
-     * the Mbed TLS ssl_ticket.c implementation.
-     */
-    ret = mbedtls_ssl_update_handshake_status(ssl);
-    if (0 != ret) {
-        MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_update_handshake_status"), ret);
-        return ret;
-    }
-
     ext = buf + ext_offset + 2;
     MBEDTLS_SSL_DEBUG_BUF(3, "client hello extensions", ext, ext_len);