diff --git a/src/ArduinoIoTCloudTCP.cpp b/src/ArduinoIoTCloudTCP.cpp
index 828d47c84..4d6d294e4 100644
--- a/src/ArduinoIoTCloudTCP.cpp
+++ b/src/ArduinoIoTCloudTCP.cpp
@@ -328,6 +328,14 @@ ArduinoIoTCloudTCP::State ArduinoIoTCloudTCP::handle_ConnectMqttBroker()
 
 ArduinoIoTCloudTCP::State ArduinoIoTCloudTCP::handle_SubscribeMqttTopics()
 {
+  if (!_mqttClient.connected())
+  {
+    DEBUG_ERROR("ArduinoIoTCloudTCP::%s MQTT client connection lost", __FUNCTION__);
+    _mqttClient.stop();
+    execCloudEventCallback(ArduinoIoTCloudEvent::DISCONNECT);
+    return State::ConnectPhy;
+  }
+
   if (!_mqttClient.subscribe(_dataTopicIn))
   {
     DEBUG_ERROR("ArduinoIoTCloudTCP::%s could not subscribe to %s", __FUNCTION__, _dataTopicIn.c_str());
@@ -360,6 +368,14 @@ ArduinoIoTCloudTCP::State ArduinoIoTCloudTCP::handle_SubscribeMqttTopics()
 
 ArduinoIoTCloudTCP::State ArduinoIoTCloudTCP::handle_RequestLastValues()
 {
+  if (!_mqttClient.connected())
+  {
+    DEBUG_ERROR("ArduinoIoTCloudTCP::%s MQTT client connection lost", __FUNCTION__);
+    _mqttClient.stop();
+    execCloudEventCallback(ArduinoIoTCloudEvent::DISCONNECT);
+    return State::ConnectPhy;
+  }
+
   /* Check whether or not we need to send a new request. */
   unsigned long const now = millis();
   if ((now - _lastSyncRequestTickTime) > TIMEOUT_FOR_LASTVALUES_SYNC)
diff --git a/src/tls/BearSSLClient.cpp b/src/tls/BearSSLClient.cpp
index 5c2cd24c8..390be4cbd 100644
--- a/src/tls/BearSSLClient.cpp
+++ b/src/tls/BearSSLClient.cpp
@@ -36,6 +36,10 @@
 
 extern "C" void aiotc_client_profile_init(br_ssl_client_context *cc, br_x509_minimal_context *xc, const br_x509_trust_anchor *trust_anchors, size_t trust_anchors_num);
 
+
+bool BearSSLClient::_sslio_closing = false;
+
+
 BearSSLClient::BearSSLClient(Client* client, const br_x509_trust_anchor* myTAs, int myNumTAs, GetTimeCallbackFunc func) :
   _client(client),
   _TAs(myTAs),
@@ -156,6 +160,7 @@ void BearSSLClient::stop()
 {
   if (_client->connected()) {
     if ((br_ssl_engine_current_state(&_sc.eng) & BR_SSL_CLOSED) == 0) {
+      BearSSLClient::_sslio_closing = true;
       br_sslio_close(&_ioc);
     }
 
@@ -258,6 +263,9 @@ int BearSSLClient::errorCode()
 
 int BearSSLClient::connectSSL(const char* host)
 {
+  /* Ensure this flag is cleared so we don't terminate a just starting connection. */
+  _sslio_closing = false;
+
   // initialize client context with all necessary algorithms and hardcoded trust anchors.
   aiotc_client_profile_init(&_sc, &_xc, _TAs, _numTAs);
 
@@ -315,6 +323,10 @@ int BearSSLClient::connectSSL(const char* host)
 
 int BearSSLClient::clientRead(void *ctx, unsigned char *buf, size_t len)
 {
+  if (BearSSLClient::_sslio_closing) {
+    return -1;
+  }
+
   Client* c = (Client*)ctx;
 
   if (!c->connected()) {
@@ -346,6 +358,10 @@ int BearSSLClient::clientRead(void *ctx, unsigned char *buf, size_t len)
 
 int BearSSLClient::clientWrite(void *ctx, const unsigned char *buf, size_t len)
 {
+  if (BearSSLClient::_sslio_closing) {
+    return -1;
+  }
+
   Client* c = (Client*)ctx;
 
 #ifdef DEBUGSERIAL
diff --git a/src/tls/BearSSLClient.h b/src/tls/BearSSLClient.h
index dd48f9d7e..ff60214db 100644
--- a/src/tls/BearSSLClient.h
+++ b/src/tls/BearSSLClient.h
@@ -98,6 +98,7 @@ class BearSSLClient : public Client {
   br_x509_certificate _ecCert;
   bool _ecCertDynamic;
 
+  static bool _sslio_closing;
   br_ssl_client_context _sc;
   br_x509_minimal_context _xc;
   unsigned char _ibuf[BEAR_SSL_CLIENT_IBUF_SIZE];