diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index 0a02694eb71..d1063cbe47c 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -291,7 +291,14 @@ int main(void)
 ret = 0;
 goto reset;
 } else if (ret != 0) {
- printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret);
+ printf(" failed\n ! mbedtls_ssl_handshake returned -0x%x\n", (unsigned int) -ret);
+ if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE) {
+ printf(" An unexpected message was received from our peer. If this happened at\n");
+ printf(" the beginning of the handshake, this is likely a duplicated packet or\n");
+ printf(" a close_notify alert from the previous connection, which is harmless.\n");
+ ret = 0;
+ }
+ printf("\n");
 goto reset;
 }

diff --git a/tests/opt-testcases/sample.sh b/tests/opt-testcases/sample.sh
index 8b2bc995a37..ff847cc6455 100644
--- a/tests/opt-testcases/sample.sh
+++ b/tests/opt-testcases/sample.sh
@@ -325,11 +325,6 @@ run_test "Sample: ssl_pthread_server, gnutls client, TLS 1.3" \
 -S "error" \
 -C "ERROR"

-# The server complains of extra data after it closes the connection
-# because the client keeps sending data, so the server receives
-# more application data when it expects a new handshake. We consider
-# the test a success if both sides have sent and received application
-# data, no matter what happens afterwards.
 run_test "Sample: dtls_client with dtls_server" \
 -P 4433 \
 "$PROGRAMS_DIR/dtls_server" \
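Review bot: In programs/ssl/dtls_server.c the new `ret = 0;` applies to every MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE, although the printed text itself says the condition is harmless only if it happened at the beginning of the handshake. An unexpected message later in the handshake is still logged as " failed", but `ret` is cleared, so whatever the `reset` path does with a non-zero `ret` (that code is outside the hunk) is skipped for what may be a genuine protocol violation. Because this is a sample that gets copied, I would state the trade-off in a comment above the assignment, e.g. `/* Sample only: clears ret for any UNEXPECTED_MESSAGE, not just stale datagrams; real servers should check how far the handshake got. */`. The enclosing `main` starts and ends outside the hunk.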
@@ -339,13 +334,9 @@ run_test "Sample: dtls_client with dtls_server" \
 -s "[1-9][0-9]* bytes written" \
 -c "[1-9][0-9]* bytes read" \
 -c "[1-9][0-9]* bytes written" \
+ -S "error" \
 -C "error"

-# The server complains of extra data after it closes the connection
-# because the client keeps sending data, so the server receives
-# more application data when it expects a new handshake. We consider
-# the test a success if both sides have sent and received application
-# data, no matter what happens afterwards.
 run_test "Sample: ssl_client2, dtls_server" \
 -P 4433 \
 "$PROGRAMS_DIR/dtls_server" \
@@ -355,6 +346,7 @@ run_test "Sample: ssl_client2, dtls_server" \
 -s "[1-9][0-9]* bytes written" \
 -c "[1-9][0-9]* bytes read" \
 -c "[1-9][0-9]* bytes written" \
+ -S "error" \
 -C "error"

 requires_protocol_version dtls12
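Review bot: The new `-S "error"` in the dtls_client/dtls_server test depends on behaviour the test file no longer explains: the comment describing the server's post-close complaint is deleted, and nothing says the server log is now expected to be clean because dtls_server clears `ret` on a stale packet. A one-line comment above the `run_test` would keep that link, e.g. `# dtls_server treats a stale datagram after close as harmless, so its log must not contain "error"`. The same applies to the `ssl_client2, dtls_server` hunk at -355. The handshake-failure branch shown in the dtls_server.c hunk prints " failed" rather than "error", so this pattern presumably matches only output produced elsewhere in the server and would not by itself catch a failed handshake.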