diff --git a/src/curve25519.c b/src/curve25519.c
index 2660368135bebe44ee309b0e93d30bf5e635286d..86c2cb02925dfa26121963d619e3285292e09bf2 100644
--- a/src/curve25519.c
+++ b/src/curve25519.c
@@ -253,12 +253,24 @@ out:
 return ret;
 }
 #else
- if (session->server) {
- crypto_scalarmult(k, session->next_crypto->curve25519_privkey,
- session->next_crypto->curve25519_client_pubkey);
- } else {
- crypto_scalarmult(k, session->next_crypto->curve25519_privkey,
- session->next_crypto->curve25519_server_pubkey);
+ {
+ u_char zero[CURVE25519_PUBKEY_SIZE];
+
+ if (session->server) {
+ crypto_scalarmult(k, session->next_crypto->curve25519_privkey,
+ session->next_crypto->curve25519_client_pubkey);
+ } else {
+ crypto_scalarmult(k, session->next_crypto->curve25519_privkey,
+ session->next_crypto->curve25519_server_pubkey);
+ }
+
+ /* Check for all-zero shared secret */
+ explicit_bzero(zero, CURVE25519_PUBKEY_SIZE);
+ if (secure_memcmp(zero, k, CURVE25519_PUBKEY_SIZE) == 0)
+ {
+ SSH_LOG(SSH_LOG_TRACE, "Shared curve25519 secret is all zero");
+ return SSH_ERROR;
+ }
 }
 #endif /* HAVE_LIBCRYPTO */
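Review bot: The new all-zero check returns `SSH_ERROR` without recording a session error, so a caller whose key exchange fails here gets no reason through the session's error string, and `SSH_LOG_TRACE` keeps a rejected peer key out of the log levels an operator normally runs at. I would set the error before returning, `ssh_set_error(session, SSH_FATAL, "Shared curve25519 secret is all zero");`, and log it at `SSH_LOG_WARN` rather than trace. The `zero` buffer holds nothing secret, so `explicit_bzero` is not needed for it; `u_char zero[CURVE25519_PUBKEY_SIZE] = {0};` at the declaration is enough and keeps the check readable. The enclosing function starts above the hunk, and the libcrypto path that ends at `out:` is not visible here, so confirm that path rejects an all-zero shared secret as well (RFC 8731 requires the check on both sides regardless of backend).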