diff --git a/CMakeLists.txt b/CMakeLists.txt
index c53292f0..c3c78029 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -764,7 +764,7 @@ endif()
 #
 set(CPACK_PACKAGE_NAME "GmSSL")
 set(CPACK_PACKAGE_VENDOR "GmSSL develop team")
-set(CPACK_PACKAGE_VERSION "3.2.0-dev.1052")
+set(CPACK_PACKAGE_VERSION "3.2.0-dev.1053")
 set(CPACK_PACKAGE_DESCRIPTION_FILE ${PROJECT_SOURCE_DIR}/README.md)
 set(CPACK_NSIS_MODIFY_PATH ON)
 include(CPack)
diff --git a/include/gmssl/version.h b/include/gmssl/version.h
index 5b3895a2..03000f82 100644
--- a/include/gmssl/version.h
+++ b/include/gmssl/version.h
@@ -18,7 +18,7 @@ extern "C" {
 
 
 #define GMSSL_VERSION_NUM	30200
-#define GMSSL_VERSION_STR	"GmSSL 3.2.0-dev.1052"
+#define GMSSL_VERSION_STR	"GmSSL 3.2.0-dev.1053"
 
 int gmssl_version_num(void);
 const char *gmssl_version_str(void);
diff --git a/src/tlcp.c b/src/tlcp.c
index 40b4c861..5f4208d1 100644
--- a/src/tlcp.c
+++ b/src/tlcp.c
@@ -2247,6 +2247,12 @@ int tlcp_recv_client_key_exchange(TLS_CONNECT *conn)
 		tls_send_alert(conn, TLS_alert_decrypt_error);
 		return -1;
 	}
+	if ((((uint16_t)conn->pre_master_secret[0] << 8) | conn->pre_master_secret[1])
+		!= TLS_protocol_tlcp) {
+		error_print();
+		tls_send_alert(conn, TLS_alert_decrypt_error);
+		return -1;
+	}
 	if (digest_update(&conn->dgst_ctx, conn->record + 5, conn->recordlen - 5) != 1) {
 		error_print();
 		return -1;