Index: src/tls/OFOpenSSLTLSStream.m
==================================================================
--- src/tls/OFOpenSSLTLSStream.m
+++ src/tls/OFOpenSSLTLSStream.m
@@ -122,11 +122,22 @@
 			if (e.errNo != EWOULDBLOCK && e.errNo != EAGAIN)
 				@throw e;
 		}
 	}
 
-	if ((ret = SSL_read_ex(_SSL, buffer, length, &bytesRead)) != 1) {
+	ret = SSL_read_ex(_SSL, buffer, length, &bytesRead);
+
+	if (BIO_ctrl_pending(_writeBIO) > 0) {
+		int tmp = BIO_read(_writeBIO, _buffer, bufferSize);
+
+		OFEnsure(tmp >= 0);
+
+		[_underlyingStream writeBuffer: _buffer length: tmp];
+		[_underlyingStream flushWriteBuffer];
+	}
+
+	if (ret != 1) {
 		/*
 		 * The underlying stream might have had data ready, but not
 		 * enough for OpenSSL to return decrypted data. This means the
 		 * caller might have observed the TLS stream for reading, got a
 		 * ready signal and read - and expects the read to succeed, not