diff --git a/src/dtls.c b/src/dtls.c
index 4238d55ad..ce84fd3a0 100644
--- a/src/dtls.c
+++ b/src/dtls.c
@@ -99,6 +99,26 @@ int DtlsIgnoreError(int err)
     }
 }
 
+void DtlsSetSeqNumForReply(WOLFSSL* ssl)
+{
+    /* We cover both DTLS 1.2 and 1.3 cases because we may be negotiating
+     * protocols. */
+    /* We should continue with the same sequence number as the
+     * Client Hello. */
+    ssl->keys.dtls_sequence_number_hi = ssl->keys.curSeq_hi;
+    ssl->keys.dtls_sequence_number_lo = ssl->keys.curSeq_lo;
+#ifdef WOLFSSL_DTLS13
+    if (ssl->dtls13EncryptEpoch != NULL) {
+        ssl->dtls13EncryptEpoch->nextSeqNumber =
+                w64From32(ssl->keys.curSeq_hi, ssl->keys.curSeq_lo);
+    }
+#endif
+    /* We should continue with the same handshake number as the
+     * Client Hello. */
+    ssl->keys.dtls_handshake_number =
+            ssl->keys.dtls_peer_handshake_number;
+}
+
 #if !defined(NO_WOLFSSL_SERVER)
 
 #if defined(NO_SHA) && defined(NO_SHA256)
diff --git a/src/internal.c b/src/internal.c
index ee6d4c3c7..35ba423bd 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -33186,14 +33186,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
         /* Update the ssl->options.dtlsStateful setting `if` statement in
          * wolfSSL_accept when changing this one. */
         if (IsDtlsNotSctpMode(ssl) && IsDtlsNotSrtpMode(ssl) && !IsSCR(ssl)) {
-            /* We should continue with the same sequence number as the
-             * Client Hello. */
-            ssl->keys.dtls_sequence_number_hi = ssl->keys.curSeq_hi;
-            ssl->keys.dtls_sequence_number_lo = ssl->keys.curSeq_lo;
-            /* We should continue with the same handshake number as the
-             * Client Hello. */
-            ssl->keys.dtls_handshake_number =
-                    ssl->keys.dtls_peer_handshake_number;
+            DtlsSetSeqNumForReply(ssl);
             ret = DoClientHelloStateless(ssl, input, inOutIdx, helloSz);
             if (ret != 0 || !ssl->options.dtlsStateful) {
                 int alertType = TranslateErrorToAlert(ret);
diff --git a/src/tls13.c b/src/tls13.c
index c05421701..44b0ec687 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -11084,12 +11084,8 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
 
     if (alertType != invalid_alert) {
 #ifdef WOLFSSL_DTLS13
-        if (type == client_hello && ssl->options.dtls) {
-            /* We should continue with the same sequence number as the
-             * Client Hello. */
-            ssl->dtls13EncryptEpoch->nextSeqNumber =
-                    w64From32(ssl->keys.curSeq_hi, ssl->keys.curSeq_lo);
-        }
+        if (type == client_hello && ssl->options.dtls)
+            DtlsSetSeqNumForReply(ssl);
 #endif
         SendAlert(ssl, alert_fatal, alertType);
     }
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 8482b55ab..3b0bc62c8 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -6077,6 +6077,7 @@ WOLFSSL_API int wolfSSL_DtlsUpdateWindow(word16 cur_hi, word32 cur_lo,
         word16* next_hi, word32* next_lo, word32 *window);
 WOLFSSL_LOCAL void DtlsResetState(WOLFSSL *ssl);
 WOLFSSL_LOCAL int DtlsIgnoreError(int err);
+WOLFSSL_LOCAL void DtlsSetSeqNumForReply(WOLFSSL* ssl);
 #endif
 
 #ifdef WOLFSSL_DTLS13