DTLS RFC4347 says HelloVerifyRequest resets Finished MAC.
diff --git a/ssl/d1_clnt.c b/ssl/d1_clnt.c
index 55ed884..1623a2a 100644
--- a/ssl/d1_clnt.c
+++ b/ssl/d1_clnt.c
@@ -213,8 +213,6 @@
/* don't push the buffering BIO quite yet */
- ssl3_init_finished_mac(s);
-
s->state=SSL3_ST_CW_CLNT_HELLO_A;
s->ctx->stats.sess_connect++;
s->init_num=0;
@@ -226,6 +224,10 @@
case SSL3_ST_CW_CLNT_HELLO_B:
s->shutdown=0;
+
+ /* every DTLS ClientHello resets Finished MAC */
+ ssl3_init_finished_mac(s);
+
ret=dtls1_client_hello(s);
if (ret <= 0) goto end;
