diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 16a6a13..aa8f1e3 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1298,7 +1298,6 @@
  * \param f_recv   read callback
  * \param f_recv_timeout read callback with timeout.
  *                 The last argument of the callback is the timeout in seconds
- * \param timeout  value of the mbedtls_ssl_read() timeout in milliseconds
  *
  * \note           f_recv_timeout is required for DTLS, unless f_recv performs
  *                 non-blocking reads.
@@ -1309,8 +1308,20 @@
         void *p_bio,
         int (*f_send)(void *, const unsigned char *, size_t),
         int (*f_recv)(void *, unsigned char *, size_t),
-        int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t),
-        uint32_t timeout );
+        int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t) );
+
+/**
+ * \brief          Set the timeout period for mbedtls_ssl_read()
+ *                 (Default: no timeout.)
+ *
+ * \param conf     SSL configuration context
+ * \param timeout  Timeout value in milliseconds.
+ *                 Use 0 for no timeout (default).
+ *
+ * \note           With blocking I/O, this will only work if a non-NULL
+ *                 \c f_recv_timeout was set with \c mbedtls_ssl_set_bio_timeout().
+ */
+void mbedtls_ssl_set_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout );
 
 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
 /**
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index ad95a1f..f7ee5f2 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5249,14 +5249,17 @@
         void *p_bio,
         int (*f_send)(void *, const unsigned char *, size_t),
         int (*f_recv)(void *, unsigned char *, size_t),
-        int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t),
-        uint32_t timeout )
+        int (*f_recv_timeout)(void *, unsigned char *, size_t, uint32_t) )
 {
     ssl->p_bio          = p_bio;
     ssl->f_send         = f_send;
     ssl->f_recv         = f_recv;
     ssl->f_recv_timeout = f_recv_timeout;
-    ssl->conf->read_timeout   = timeout;
+}
+
+void mbedtls_ssl_set_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout )
+{
+    conf->read_timeout   = timeout;
 }
 
 #if defined(MBEDTLS_SSL_SRV_C)
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index 9f8fcbf..f8ecf07 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -191,8 +191,7 @@
     mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
 
     mbedtls_ssl_set_bio_timeout( &ssl, &server_fd,
-                         mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout,
-                         READ_TIMEOUT_MS );
+                         mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout );
 
     mbedtls_printf( " ok\n" );
 
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index 9a925ec..2b53fbe 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -280,8 +280,7 @@
     }
 
     mbedtls_ssl_set_bio_timeout( &ssl, &client_fd,
-                         mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout,
-                         READ_TIMEOUT_MS );
+                         mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout );
 
     printf( " ok\n" );
 
diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
index d6ee570..dc41b39 100644
--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c
@@ -250,7 +250,7 @@
         goto exit;
     }
 
-    mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
+    mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
 
     if( mbedtls_ssl_handshake( &ssl ) != 0 )
     {
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index d7cb141..14f089e 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -178,7 +178,7 @@
 
     mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
     mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
-    mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
+    mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
 
     /*
      * 4. Handshake
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index aaf22db..5d21450 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -1119,16 +1119,16 @@
     mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
 
     if( opt.nbio == 2 )
-        mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, my_send, my_recv, NULL,
-                             opt.read_timeout );
+        mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, my_send, my_recv, NULL );
     else
         mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv,
 #if defined(MBEDTLS_HAVE_TIME)
-                             opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL,
+                             opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL
 #else
-                             NULL,
+                             NULL
 #endif
-                             opt.read_timeout );
+                );
+    mbedtls_ssl_set_read_timeout( &conf, opt.read_timeout );
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
     if( ( ret = mbedtls_ssl_set_session_tickets( &conf, opt.tickets ) ) != 0 )
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 50de5ef..91f0060 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -267,7 +267,7 @@
 
         mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
         mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
-        mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
+        mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
 
         mbedtls_ssl_set_ca_chain( &conf, srvcert.next, NULL );
         if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &srvcert, &pkey ) ) != 0 )
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index ab849a9..84ae22e 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -606,7 +606,7 @@
 
     mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
     mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
-    mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
+    mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
 
     if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER )
         mbedtls_ssl_set_ciphersuites( &conf, opt.force_ciphersuite );
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index 1fc3262..7e576d4 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -197,7 +197,7 @@
 
     mbedtls_printf( "  [ #%d ]  ok\n", thread_id );
 
-        mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
+    mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
 
     mbedtls_printf( "  [ #%d ]  ok\n", thread_id );
 
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 61b9dc9..eb5a039 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -252,7 +252,7 @@
         goto exit;
     }
 
-        mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
+    mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
 
     mbedtls_printf( " ok\n" );
 
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 954ae43..87b4a2e 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1819,15 +1819,16 @@
     }
 
     if( opt.nbio == 2 )
-        mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, my_send, my_recv, NULL, 0 );
+        mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, my_send, my_recv, NULL );
     else
         mbedtls_ssl_set_bio_timeout( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv,
 #if defined(MBEDTLS_HAVE_TIME)
-                             opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL,
+                             opt.nbio == 0 ? mbedtls_net_recv_timeout : NULL
 #else
-                             NULL,
+                             NULL
 #endif
-                             opt.read_timeout );
+                );
+    mbedtls_ssl_set_read_timeout( &conf, opt.read_timeout );
 
 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
     if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index 2bac2ae..9459b2d 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -421,7 +421,7 @@
 
         mbedtls_ssl_set_rng( &ssl, mbedtls_ctr_drbg_random, &ctr_drbg );
         mbedtls_ssl_set_dbg( &conf, my_debug, stdout );
-        mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL, 0 );
+        mbedtls_ssl_set_bio_timeout( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
 
         if( ( ret = mbedtls_ssl_set_own_cert( &ssl, &clicert, &pkey ) ) != 0 )
         {