diff --git a/library/ccm.c b/library/ccm.c
index b195a716..32f8bb09 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -152,14 +152,12 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
      * Check length requirements: SP800-38C A.1
      * Additional requirement: a < 2^16 - 2^8 to simplify the code.
      * 'length' checked later (when writing it to the first block)
+     *
+     * Also, loosen the requirements to enable support for CCM* (IEEE 802.15.4).
      */
-    if( tag_len < 4 || tag_len > 16 || tag_len % 2 != 0 )
+    if( tag_len == 2 || tag_len > 16 || tag_len % 2 != 0 )
     {
-        /*
-         * Loosen the requirements to enable support for CCM* (IEEE 802.15.4)
-         */
-        if( tag_len != 0 )
-            return( MBEDTLS_ERR_CCM_BAD_INPUT );
+        return( MBEDTLS_ERR_CCM_BAD_INPUT );
     }
 
     /* Also implies q is within bounds */