diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 30fd6ecfd..072204553 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2387,7 +2387,7 @@ int mbedtls_ssl_session_load( mbedtls_ssl_session *session, * of session cache or session tickets. * * \see mbedtls_ssl_session_load() - * \see mbedtls_ssl_get_session() + * \see mbedtls_ssl_get_session_pointer() * * \param session The session structure to be saved. * \param buf The buffer to write the serialized data to. It must be a @@ -2404,6 +2404,23 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session, size_t buf_len, size_t *olen ); +/** + * \brief Get a pointer to the current session structure, for example + * to serialise it. + * + * \warning Ownership of the session remains with the SSL context - the + * returned pointer must not be kept after the connection has + * ended or been renegotiated. + * + * \see mbedtls_ssl_session_save() + * + * \param ssl SSL context + * + * \return A pointer to the current session if successful, + * NULL if no session is active. + */ +const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_context *ssl ); + /** * \brief Set the list of allowed ciphersuites and the preference * order. First in the list has the highest preference. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5a4faa7c8..f1ba99a02 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -9834,6 +9834,14 @@ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_CLI_C */ +const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_context *ssl ) +{ + if( ssl == NULL ) + return( NULL ); + + return( ssl->session ); +} + /* * Serialize a session in the following format: * (in the presentation language of TLS, RFC 8446 section 3) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 342ecddba..36db80df1 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
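Review bot: The \return text for mbedtls_ssl_get_session_pointer() says "NULL if no session is active" but gives the caller no way to know when that is, and the \warning lists only two ways the pointer dies (connection ended, renegotiated) while the implementation in ssl_tls.c simply hands out ssl->session, which presumably is also freed by mbedtls_ssl_session_reset() and mbedtls_ssl_free(). I would extend the \warning to `\warning Ownership of the session remains with the SSL context - the returned pointer is not a copy (unlike mbedtls_ssl_get_session()), must not be freed, and must not be kept after the connection has ended, been reset with mbedtls_ssl_session_reset(), or been renegotiated.` and the \return to `NULL if no session is active, for example before the handshake has completed.` A \note that the pointed-to structure holds the session's secrets (master secret, ticket) would also help callers who intend to serialise it decide where the output may go; hedge it if the session layout is not visible to the reader of this header.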
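Review bot: The definition of mbedtls_ssl_get_session_pointer() in ssl_tls.c has no comment, whereas it sits right after mbedtls_ssl_get_session() (guarded by MBEDTLS_SSL_CLI_C) which copies the session; a reader of the .c file cannot tell from the two adjacent bodies that one returns an alias and the other a deep copy. I would add above the definition `/* Non-owning accessor: returns ssl->session itself, not a copy. The pointer is` / ` * invalidated whenever the context frees or replaces that session. */`. The body itself is fine: the NULL check on ssl follows the file's convention, and the function is deliberately outside the MBEDTLS_SSL_CLI_C guard so servers can use it too, which is worth stating in that comment as well.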
@@ -2442,14 +2442,7 @@ int main( int argc, char *argv[] ) mbedtls_printf(" . Saving session for reuse..." ); fflush( stdout ); - if( ( ret = mbedtls_ssl_get_session( &ssl, &saved_session ) ) != 0 ) - { - mbedtls_printf( " failed\n ! mbedtls_ssl_get_session returned -0x%x\n\n", - -ret ); - goto exit; - } - - if( ( ret = mbedtls_ssl_session_save( &saved_session, + if( ( ret = mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( &ssl ), session_data, sizeof( session_data ), &session_data_len ) ) != 0 ) { @@ -2458,10 +2451,6 @@ int main( int argc, char *argv[] ) goto exit; } - /* Simulate that serialised state can have a larger lifetime than a - * structure: keep the serialised data but not the structure. */ - mbedtls_ssl_session_free( &saved_session ); - mbedtls_printf( " ok\n" ); }
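Review bot: The new line passes the result of mbedtls_ssl_get_session_pointer( &ssl ) straight into mbedtls_ssl_session_save(), but the header documents that this result is NULL when no session is active, and nothing here checks it; the removed code did check the return of mbedtls_ssl_get_session(). Unless mbedtls_ssl_session_save() is documented to accept a NULL session (I cannot see its body here), a NULL from the accessor becomes a null dereference inside the library rather than the clean "failed" exit this sample program otherwise prints. I would keep the pointer in a local and fail explicitly before calling save. main() starts and ends outside this hunk.
```c
    const mbedtls_ssl_session *session_ptr = mbedtls_ssl_get_session_pointer( &ssl );
    if( session_ptr == NULL )
    {
        mbedtls_printf( " failed\n  ! mbedtls_ssl_get_session_pointer returned NULL\n\n" );
        goto exit;
    }

    if( ( ret = mbedtls_ssl_session_save( session_ptr,
    /* … unchanged: session_data, sizeof( session_data ), &session_data_len ) ) != 0 ) … */
```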