diff --git a/tlslite/tlsrecordlayer.py b/tlslite/tlsrecordlayer.py
index b9ade02f..06e5597d 100644
--- a/tlslite/tlsrecordlayer.py
+++ b/tlslite/tlsrecordlayer.py
@@ -970,6 +970,12 @@ def _decryptRecord(self, recordType, b):
                 if self.version >= (3,2): #For TLS 1.1, remove explicit IV
                     b = b[self._readState.encContext.block_size : ]
 
+                if len(b) == 0:
+                    for result in self._sendError(\
+                            AlertDescription.decryption_failed,
+                            "No data left after decryption and IV removal"):
+                        yield result
+
                 #Check padding
                 paddingGood = True
                 paddingLength = b[-1]