diff --git a/CHANGELOG.md b/CHANGELOG.md
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,8 @@
+## Version 2.0.2
+
+* Client checks sessionMaxEarlyDataSize to decide 0-RTT
+* Client checks the resumption cipher properly.
+
 ## Version 2.0.1
 
 * Fix a leak of pending data to be sent.
diff --git a/Network/TLS/Context/Internal.hs b/Network/TLS/Context/Internal.hs
--- a/Network/TLS/Context/Internal.hs
+++ b/Network/TLS/Context/Internal.hs
@@ -178,6 +178,7 @@
     , cHash :: Hash
     , cZero :: ByteString
     }
+    deriving (Show)
 
 makeCipherChoice :: Version -> Cipher -> CipherChoice
 makeCipherChoice ver cipher = CipherChoice ver cipher h zero
diff --git a/Network/TLS/Handshake/Client/ClientHello.hs b/Network/TLS/Handshake/Client/ClientHello.hs
--- a/Network/TLS/Handshake/Client/ClientHello.hs
+++ b/Network/TLS/Handshake/Client/ClientHello.hs
@@ -290,11 +290,8 @@
         guard tls13
         (sid, sdata) <- clientWantSessionResume cparams
         guard (sessionVersion sdata >= TLS13)
-        guard (not (null ciphers))
-        let sCipher = head ciphers
-        -- A keyshare is sent only for the first cipher.
-        -- This can induce HRR.
-        guard (cipherID sCipher == sessionCipher sdata)
+        let cid = sessionCipher sdata
+        sCipher <- find (\c -> cipherID c == cid) ciphers
         return (sid, sdata, sCipher)
 
     getPskInfo =
@@ -307,9 +304,13 @@
                     if isAgeValid age tinfo
                         then
                             Just
-                                (identity, sdata, makeCipherChoice TLS13 sCipher, ageToObfuscatedAge age tinfo)
+                                ( identity
+                                , sdata
+                                , makeCipherChoice TLS13 sCipher
+                                , ageToObfuscatedAge age tinfo
+                                )
                         else Nothing
 
-    get0RTTinfo (_, _, choice, _)
-        | clientUseEarlyData cparams = Just choice
+    get0RTTinfo (_, sdata, choice, _)
+        | clientUseEarlyData cparams && sessionMaxEarlyDataSize sdata > 0 = Just choice
         | otherwise = Nothing
diff --git a/Network/TLS/Handshake/Client/ServerHello.hs b/Network/TLS/Handshake/Client/ServerHello.hs
--- a/Network/TLS/Handshake/Client/ServerHello.hs
+++ b/Network/TLS/Handshake/Client/ServerHello.hs
@@ -67,9 +67,12 @@
 processServerHello
     :: ClientParams -> Context -> Handshake -> IO ()
 processServerHello cparams ctx (ServerHello rver serverRan serverSession cipher compression exts) = do
-    when (rver < TLS12) $
+    -- A server which receives a legacy_version value not equal to
+    -- 0x0303 MUST abort the handshake with an "illegal_parameter"
+    -- alert.
+    when (rver /= TLS12) $
         throwCore $
-            Error_Protocol (show rver ++ " is not supported") ProtocolVersion
+            Error_Protocol (show rver ++ " is not supported") IllegalParameter
     -- find the compression and cipher methods that the server want to use.
     clientSession <- tls13stSession <$> getTLS13State ctx
     sentExts <- tls13stSentExtensions <$> getTLS13State ctx
diff --git a/tls.cabal b/tls.cabal
--- a/tls.cabal
+++ b/tls.cabal
@@ -1,6 +1,6 @@
 cabal-version:      >=1.10
 name:               tls
-version:            2.0.1
+version:            2.0.2
 license:            BSD3
 license-file:       LICENSE
 copyright:          Vincent Hanquez <vincent@snarc.org>
@@ -116,7 +116,7 @@
         asn1-types >= 0.3 && < 0.4,
         async >= 2.2 && < 2.3,
         base16-bytestring,
-        bytestring >= 0.10 && < 0.12,
+        bytestring >= 0.10 && < 0.13,
         cereal >= 0.5.3 && < 0.6,
         crypton >= 0.34 && < 0.35,
         crypton-x509 >= 1.7 && < 1.8,
@@ -125,7 +125,7 @@
         data-default-class >= 0.1 && < 0.2,
         memory >= 0.18 && < 0.19,
         mtl >= 2.2 && < 2.4,
-        network >= 3.1 && < 3.2,
+        network >= 3.1,
         serialise >= 0.2 && < 0.3,
         transformers >= 0.5 && < 0.7,
         unix-time >= 0.4.11 && < 0.5
