diff --git a/libxrdp/xrdp_iso.c b/libxrdp/xrdp_iso.c
index 633dc5a9..b15be2ad 100644
--- a/libxrdp/xrdp_iso.c
+++ b/libxrdp/xrdp_iso.c
@@ -305,12 +305,10 @@ xrdp_iso_incoming(struct xrdp_iso *self)
         }
     }
 
+    int serverSecurityLayer = self->mcs_layer->sec_layer->rdp_layer->client_info.security_layer;
     /* security layer negotiation */
     if (self->rdpNegData)
     {
-        int
-                serverSecurityLayer =
-                        self->mcs_layer->sec_layer->rdp_layer->client_info.security_layer;
         self->selectedProtocol = PROTOCOL_RDP; /* set default security layer */
 
         switch (serverSecurityLayer)
@@ -371,6 +369,11 @@ xrdp_iso_incoming(struct xrdp_iso *self)
                 self->failureCode = INCONSISTENT_FLAGS; //TODO: ?
         }
     }
+    else if (self->requestedProtocol != serverSecurityLayer)
+    {
+    	/* enforce server security */
+    	return 1;
+    }
 
     /* set things for tls connection */