diff --git a/patches/nginx-1.13.6-stream_ssl_preread_no_skip.patch b/patches/nginx-1.13.6-stream_ssl_preread_no_skip.patch
new file mode 100644
index 0000000..e45e9f6
--- /dev/null
+++ b/patches/nginx-1.13.6-stream_ssl_preread_no_skip.patch
@@ -0,0 +1,13 @@
+diff --git a/src/stream/ngx_stream_ssl_preread_module.c b/src/stream/ngx_stream_ssl_preread_module.c
+index e3d11fd9..3717b5fe 100644
+--- a/src/stream/ngx_stream_ssl_preread_module.c
++++ b/src/stream/ngx_stream_ssl_preread_module.c
+@@ -159,7 +159,7 @@ ngx_stream_ssl_preread_handler(ngx_stream_session_t *s)
+ 
+         rc = ngx_stream_ssl_preread_parse_record(ctx, p, p + len);
+         if (rc != NGX_AGAIN) {
+-            return rc;
++            return rc == NGX_OK ? NGX_DECLINED : rc;
+         }
+ 
+         p += len;
diff --git a/patches/nginx-1.13.8-stream_ssl_preread_no_skip.patch b/patches/nginx-1.13.8-stream_ssl_preread_no_skip.patch
new file mode 100644
index 0000000..e45e9f6
--- /dev/null
+++ b/patches/nginx-1.13.8-stream_ssl_preread_no_skip.patch
@@ -0,0 +1,13 @@
+diff --git a/src/stream/ngx_stream_ssl_preread_module.c b/src/stream/ngx_stream_ssl_preread_module.c
+index e3d11fd9..3717b5fe 100644
+--- a/src/stream/ngx_stream_ssl_preread_module.c
++++ b/src/stream/ngx_stream_ssl_preread_module.c
+@@ -159,7 +159,7 @@ ngx_stream_ssl_preread_handler(ngx_stream_session_t *s)
+ 
+         rc = ngx_stream_ssl_preread_parse_record(ctx, p, p + len);
+         if (rc != NGX_AGAIN) {
+-            return rc;
++            return rc == NGX_OK ? NGX_DECLINED : rc;
+         }
+ 
+         p += len;
diff --git a/util/mirror-tarballs b/util/mirror-tarballs
index 6b45522..51bafc1 100755
--- a/util/mirror-tarballs
+++ b/util/mirror-tarballs
@@ -56,6 +56,13 @@ if [ "$answer" = "Y" ]; then
     echo
 fi
 
+answer=`$root/util/ver-ge "$main_ver" 1.13.6`
+if [ "$answer" = "Y" ]; then
+    echo "$info_txt applying the stream_ssl_preread_no_skip patch for nginx"
+    patch -p1 < $root/patches/nginx-$main_ver-stream_ssl_preread_no_skip.patch || exit 1
+    echo
+fi
+
 answer=`$root/util/ver-ge "$main_ver" 1.5.12`
 if [ "$answer" = "N" ]; then
     echo "$info_txt applying the patch for nginx security advisory (CVE-2014-0133)"