diff --git a/CHANGELOG.md b/CHANGELOG.md
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,9 @@
+## Version 2.0.5
+
+* Fixing handshake13_0rtt_fallback
+* Client checks if the group of PSK is contained in Supported_Groups.
+* HRR is not allowed for 0-RTT.
+
 ## Version 2.0.4
 
 * More fix for 0-RTT when application data is available while receiving CF.
diff --git a/Network/TLS/Core.hs b/Network/TLS/Core.hs
--- a/Network/TLS/Core.hs
+++ b/Network/TLS/Core.hs
@@ -44,6 +44,7 @@
 import Network.TLS.Handshake.Common
 import Network.TLS.Handshake.Common13
 import Network.TLS.Handshake.Process
+import Network.TLS.Handshake.Random
 import Network.TLS.Handshake.State
 import Network.TLS.Handshake.State13
 import Network.TLS.IO
@@ -88,7 +89,8 @@
 getRTT :: Context -> IO Int
 getRTT ctx = do
     rtt <- tls13stRTT <$> getTLS13State ctx
-    return (fromIntegral rtt * rttFactor * 1000) -- ms to us
+    let rtt' = max (fromIntegral rtt) 10
+    return (rtt' * rttFactor * 1000) -- ms to us
 
 -- | notify the context that this side wants to close connection.
 -- this is important that it is called before closing the handle, otherwise
@@ -348,6 +350,14 @@
     loopHandshake13 (h@Certificate13{} : hs) =
         postHandshakeAuthWith ctx h >> loopHandshake13 hs
     loopHandshake13 (h : hs) = do
+        rtt0 <- tls13st0RTT <$> getTLS13State ctx
+        when rtt0 $ case h of
+            ServerHello13 srand _ _ _ ->
+                when (isHelloRetryRequest srand) $ do
+                    clearTxRecordState ctx
+                    let reason = "HRR is not allowed for 0-RTT"
+                     in terminate13 ctx (Error_Misc reason) AlertLevel_Fatal UnexpectedMessage reason
+            _ -> return ()
         cont <- popAction ctx h hs
         when cont $ loopHandshake13 hs
 
diff --git a/Network/TLS/Handshake/Client.hs b/Network/TLS/Handshake/Client.hs
--- a/Network/TLS/Handshake/Client.hs
+++ b/Network/TLS/Handshake/Client.hs
@@ -36,14 +36,17 @@
 -- client part of handshake. send a bunch of handshake of client
 -- values intertwined with response from the server.
 handshakeClient :: ClientParams -> Context -> IO ()
-handshakeClient cparams ctx = handshake cparams ctx groups Nothing
+handshakeClient cparams ctx = do
+    groups <- case clientWantSessionResume cparams of
+        Nothing -> return groupsSupported
+        Just (_, sdata) -> case sessionGroup sdata of
+            Nothing -> return [] -- TLS 1.2 or earlier
+            Just grp
+                | grp `elem` groupsSupported -> return $ grp : filter (/= grp) groupsSupported
+                | otherwise -> throwCore $ Error_Misc "groupsSupported is incorrect"
+    handshake cparams ctx groups Nothing
   where
     groupsSupported = supportedGroups (ctxSupported ctx)
-    groups = case clientWantSessionResume cparams of
-        Nothing -> groupsSupported
-        Just (_, sdata) -> case sessionGroup sdata of
-            Nothing -> [] -- TLS 1.2 or earlier
-            Just grp -> grp : filter (/= grp) groupsSupported
 
 -- https://tools.ietf.org/html/rfc8446#section-4.1.2 says:
 -- "The client will also send a
diff --git a/test/HandshakeSpec.hs b/test/HandshakeSpec.hs
--- a/test/HandshakeSpec.hs
+++ b/test/HandshakeSpec.hs
@@ -865,7 +865,6 @@
 
 handshake13_0rtt_fallback :: CSP13 -> IO ()
 handshake13_0rtt_fallback (CSP13 (cli, srv)) = do
-    maxEarlyDataSize <- generate $ choose (0, 512)
     group0 <- generate $ elements [P256, X25519]
     let cliSupported =
             def
@@ -877,21 +876,21 @@
                 { supportedCiphers = [cipher_TLS13_AES128GCM_SHA256]
                 , supportedGroups = [group0]
                 }
-        params0 =
+        params =
             ( cli{clientSupported = cliSupported}
             , srv
                 { serverSupported = svrSupported
-                , serverEarlyDataSize = maxEarlyDataSize
+                , serverEarlyDataSize = 1024
                 }
             )
 
     sessionRefs <- twoSessionRefs
     let sessionManagers = twoSessionManagers sessionRefs
 
-    let params = setPairParamsSessionManagers sessionManagers params0
+    let params0 = setPairParamsSessionManagers sessionManagers params
 
     let mode = if group0 == P256 then FullHandshake else HelloRetryRequest
-    runTLSSimple13 params mode
+    runTLSSimple13 params0 mode
 
     -- and resume
     mSessionParams <- readClientSessionRef sessionRefs
@@ -900,7 +899,7 @@
         Just sessionParams -> do
             earlyData <- B.pack <$> generate (someWords8 256)
             group1 <- generate $ elements [P256, X25519]
-            let (pc, ps) = setPairParamsSessionResuming sessionParams params
+            let (pc, ps) = setPairParamsSessionResuming sessionParams params0
                 svrSupported1 =
                     def
                         { supportedCiphers = [cipher_TLS13_AES128GCM_SHA256]
@@ -913,9 +912,14 @@
                         , serverSupported = svrSupported1
                         }
                     )
-
-            if group1 == group0
+            -- C: [P256, X25519]
+            -- S: [group0]
+            -- C: [P256, X25519]
+            -- S: [group1]
+            if group0 == group1
+                -- 0-RTT is not allowed, so fallback to PreSharedKey
                 then runTLS0RTT params1 PreSharedKey earlyData
+                -- HRR but not allowed for 0-RTT
                 else runTLSFailure params1 (tlsClient earlyData) tlsServer
   where
     tlsClient earlyData ctx = do
diff --git a/tls.cabal b/tls.cabal
--- a/tls.cabal
+++ b/tls.cabal
@@ -1,6 +1,6 @@
 cabal-version:      >=1.10
 name:               tls
-version:            2.0.4
+version:            2.0.5
 license:            BSD3
 license-file:       LICENSE
 copyright:          Vincent Hanquez <vincent@snarc.org>
