diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index abca55fb6..b13a4076f 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -2201,6 +2201,7 @@
 //#define SSL_MAX_CONTENT_LEN             16384 /**< Size of the input / output buffer */
 //#define SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
 //#define POLARSSL_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
+//#define POLARSSL_SSL_COOKIE_TIMEOUT        60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
 
 /**
  * Complete list of ciphersuites to use, in order of preference.
diff --git a/include/polarssl/ssl_cookie.h b/include/polarssl/ssl_cookie.h
index 7db00c2f8..9a714438d 100644
--- a/include/polarssl/ssl_cookie.h
+++ b/include/polarssl/ssl_cookie.h
@@ -36,6 +36,9 @@
  * Either change them in config.h or define them on the compiler command line.
  * \{
  */
+#ifndef POLARSSL_SSL_COOKIE_TIMEOUT
+#define POLARSSL_SSL_COOKIE_TIMEOUT     60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
+#endif
 
 /* \} name SECTION: Module settings */
 
@@ -48,10 +51,13 @@ extern "C" {
  */
 typedef struct
 {
-    md_context_t    hmac_ctx;       /*!< context for the HMAC portion   */
+    md_context_t    hmac_ctx;   /*!< context for the HMAC portion   */
 #if !defined(POLARSSL_HAVE_TIME)
-    unsigned long   serial;         /*!< serial number for expiration   */
+    unsigned long   serial;     /*!< serial number for expiration   */
 #endif
+    unsigned long   timeout;    /*!< timeout delay, in seconds if HAVE_TIME,
+                                     or in number of tickets issued */
+
 } ssl_cookie_ctx;
 
 /**
@@ -66,6 +72,17 @@ int ssl_cookie_setup( ssl_cookie_ctx *ctx,
                       int (*f_rng)(void *, unsigned char *, size_t),
                       void *p_rng );
 
+/**
+ * \brief          Set expiration delay for cookies
+ *                 (Default POLARSSL_SSL_COOKIE_TIMEOUT)
+ *
+ * \param ctx      Cookie contex
+ * \param delay    Delay, in seconds if HAVE_TIME, or in number of cookies
+ *                 issued in the meantime.
+ *                 0 to disable expiration (NOT recommended)
+ */
+void ssl_cookie_set_timeout( ssl_cookie_ctx *ctx, unsigned long delay );
+
 /**
  * \brief          Free cookie context
  */
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index fa0aabc27..7e1df42db 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -76,14 +76,18 @@ static void polarssl_zeroize( void *v, size_t n ) {
  */
 #define COOKIE_LEN      ( 4 + COOKIE_HMAC_LEN )
 
-#define COOKIE_TIMEOUT  60
-
 void ssl_cookie_init( ssl_cookie_ctx *ctx )
 {
     md_init( &ctx->hmac_ctx );
 #if !defined(POLARSSL_HAVE_TIME)
     ctx->serial = 0;
 #endif
+    ctx->timeout = POLARSSL_SSL_COOKIE_TIMEOUT;
+}
+
+void ssl_cookie_set_timeout( ssl_cookie_ctx *ctx, unsigned long delay )
+{
+    ctx->timeout = delay;
 }
 
 void ssl_cookie_free( ssl_cookie_ctx *ctx )
@@ -211,7 +215,7 @@ int ssl_cookie_check( void *p_ctx,
                   ( (unsigned long) cookie[2] <<  8 ) |
                   ( (unsigned long) cookie[3]       );
 
-    if( cur_time - cookie_time > COOKIE_TIMEOUT )
+    if( ctx->timeout != 0 && cur_time - cookie_time > ctx->timeout )
         return( -1 );
 
     return( 0 );