diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 3a14a5830751..7629e6dd2057 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -381,8 +381,12 @@
 
 /* The value of the CID extension is still TBD as of
  * draft-ietf-tls-dtls-connection-id-05
- * (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) */
-#define MBEDTLS_TLS_EXT_CID                        254 /* TBD */
+ * (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05)
+ * Latest CID value is here:
+ * https://www.iana.org/assignments/tls-extensiontype-values/
+ *       tls-extensiontype-values.xhtml#tls-extensiontype-values-1
+ */
+#define MBEDTLS_TLS_EXT_CID                        54
 
 #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP               256 /* experimental */
 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 1cfda4a081b5..14f197774c73 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -696,7 +696,8 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
     const mbedtls_md_info_t *md_info;
 
 #if !defined(MBEDTLS_SSL_EXPORT_KEYS) && \
-    !defined(MBEDTLS_DEBUG_C)
+    !defined(MBEDTLS_DEBUG_C) && \
+    !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* change from: https://github.com/ARMmbed/mbedtls/pull/3991/files */
     ssl = NULL; /* make sure we don't use it except for those cases */
     (void) ssl;
 #endif