diff --git a/handshake/crypto_setup_client.go b/handshake/crypto_setup_client.go
index 6ce08f94..dd154655 100644
--- a/handshake/crypto_setup_client.go
+++ b/handshake/crypto_setup_client.go
@@ -25,6 +25,7 @@ type cryptoSetupClient struct {
 	stk                  []byte
 	sno                  []byte
 	nonc                 []byte
+	proof                []byte
 	diversificationNonce []byte
 	lastSentCHLO         []byte
 	certManager          crypto.CertManager
@@ -132,6 +133,10 @@ func (h *cryptoSetupClient) handleREJMessage(cryptoData map[Tag][]byte) error {
 		}
 	}
 
+	if proof, ok := cryptoData[TagPROF]; ok {
+		h.proof = proof
+	}
+
 	if crt, ok := cryptoData[TagCERT]; ok {
 		err := h.certManager.SetData(crt)
 		if err != nil {
diff --git a/handshake/crypto_setup_client_test.go b/handshake/crypto_setup_client_test.go
index 8e619708..b7212d5b 100644
--- a/handshake/crypto_setup_client_test.go
+++ b/handshake/crypto_setup_client_test.go
@@ -73,6 +73,14 @@ var _ = Describe("Crypto setup", func() {
 			Expect(cs.stk).Should(Equal(stk))
 		})
 
+		It("saves the proof", func() {
+			proof := []byte("signature for the server config")
+			tagMap[TagPROF] = proof
+			err := cs.handleREJMessage(tagMap)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(cs.proof).To(Equal(proof))
+		})
+
 		It("saves the server nonce", func() {
 			nonc := []byte("servernonce")
 			tagMap[TagSNO] = nonc