diff --git a/Gopkg.lock b/Gopkg.lock
index dca28ef54e4..7f3b81f7bd2 100644
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -381,7 +381,7 @@
 
 [[projects]]
   branch = "master"
-  digest = "1:df59338c43e4b283f17e868945ee72582d46e109f8974625327ea636e0dcef9c"
+  digest = "1:a147a4e692d119a8caecd62b2db67a4ed7169c1a9d60edcbfa2c666842d68d83"
   name = "github.com/hyperledger/fabric-chaincode-go"
   packages = [
     "pkg/statebased",
@@ -390,7 +390,7 @@
     "shimtest",
   ]
   pruneopts = "NUT"
-  revision = "303babf9dbed6e278a1065786122b437473d4e8a"
+  revision = "3a1af156c39db72b9ad8f54124fc926ad12a42b6"
 
 [[projects]]
   digest = "1:0f4305e5a43e324844412168385a23ff23dafc55369fcbbc2ea77fb974f828cc"
diff --git a/vendor/github.com/hyperledger/fabric-chaincode-go/shim/internal/config.go b/vendor/github.com/hyperledger/fabric-chaincode-go/shim/internal/config.go
index 3a6d2ce24f0..51a35e993b8 100644
--- a/vendor/github.com/hyperledger/fabric-chaincode-go/shim/internal/config.go
+++ b/vendor/github.com/hyperledger/fabric-chaincode-go/shim/internal/config.go
@@ -127,11 +127,11 @@ func LoadTLSConfig(isserver bool, key, cert, root []byte) (*tls.Config, error) {
 	tlscfg := &tls.Config{
 		MinVersion:   tls.VersionTLS12,
 		Certificates: []tls.Certificate{cccert},
-		RootCAs:      rootCertPool,
 	}
 
 	//follow Peer's server default config properties
 	if isserver {
+		tlscfg.ClientCAs = rootCertPool
 		tlscfg.SessionTicketsDisabled = true
 		tlscfg.CipherSuites = []uint16{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
@@ -143,6 +143,8 @@ func LoadTLSConfig(isserver bool, key, cert, root []byte) (*tls.Config, error) {
 		if rootCertPool != nil {
 			tlscfg.ClientAuth = tls.RequireAndVerifyClientCert
 		}
+	} else {
+		tlscfg.RootCAs = rootCertPool
 	}
 
 	return tlscfg, nil