diff --git a/README.md b/README.md
index 749640a4d..1b1e00004 100755
--- a/README.md
+++ b/README.md
@@ -155,6 +155,7 @@ For previous versions, please read:
 
 ## V4 changes
 
+* v4.0, 2020-11-06, For [#1657][bug #1657], Read cached data first in SSL. 4.0.48
 * v4.0, 2020-11-06, For [#1657][bug #1657-3], support HTTPS Streaming(HTTPS-FLV, etc). 4.0.47
 * v4.0, 2020-11-06, For [#1657][bug #1657-2], support HTTPS API. 4.0.46
 * v4.0, 2020-11-03, For [#1657][bug #1657-1], support HTTPS client, for http-callback. 4.0.45
diff --git a/trunk/src/app/srs_app_conn.cpp b/trunk/src/app/srs_app_conn.cpp
index 7717371ba..52929bc84 100644
--- a/trunk/src/app/srs_app_conn.cpp
+++ b/trunk/src/app/srs_app_conn.cpp
@@ -681,26 +681,32 @@ srs_error_t SrsSslConnection::read(void* plaintext, size_t nn_plaintext, ssize_t
 {
     srs_error_t err = srs_success;
 
-    // TODO: Can we avoid copy?
-    int nn_cipher = nn_plaintext;
-    char* cipher = new char[nn_cipher];
-    SrsAutoFreeA(char, cipher);
-
     ssize_t nn = 0;
-    // Read the cipher from SSL.
-    if ((err = transport->read(cipher, nn_cipher, &nn)) != srs_success) {
-        return srs_error_wrap(err, "https: read");
-    }
+    int nn_padding = BIO_ctrl_pending(bio_in);
+    if (nn_padding > 0) {
+        // Already exists in SSL cache, read it out.
+        nn = (ssize_t)srs_min(nn_plaintext, nn_padding);
+    } else {
+        // TODO: Can we avoid copy?
+        int nn_cipher = nn_plaintext;
+        char* cipher = new char[nn_cipher];
+        SrsAutoFreeA(char, cipher);
+
+        // Read the cipher from SSL.
+        if ((err = transport->read(cipher, nn_cipher, &nn)) != srs_success) {
+            return srs_error_wrap(err, "https: read");
+        }
 
-    int r0 = BIO_write(bio_in, cipher, nn);
-    if (r0 <= 0) {
-        // TODO: 0 or -1 maybe block, use BIO_should_retry to check.
-        return srs_error_new(ERROR_HTTPS_READ, "BIO_write r0=%d, cipher=%p, size=%d", r0, cipher, nn);
+        int r0 = BIO_write(bio_in, cipher, nn);
+        if (r0 <= 0) {
+            // TODO: 0 or -1 maybe block, use BIO_should_retry to check.
+            return srs_error_new(ERROR_HTTPS_READ, "BIO_write r0=%d, cipher=%p, size=%d", r0, cipher, nn);
+        }
     }
 
-    r0 = SSL_read(ssl, plaintext, nn);
+    int r0 = SSL_read(ssl, plaintext, nn);
     if (r0 <= 0) {
-        return srs_error_new(ERROR_HTTPS_READ, "SSL_read r0=%d, cipher=%p, size=%d", r0, cipher, nn);
+        return srs_error_new(ERROR_HTTPS_READ, "SSL_read r0=%d, cache=%d, size=%d", r0, nn_padding, nn);
     }
 
     srs_assert(r0 <= nn_plaintext);
diff --git a/trunk/src/core/srs_core_version4.hpp b/trunk/src/core/srs_core_version4.hpp
index cf014385d..0d7a5447d 100644
--- a/trunk/src/core/srs_core_version4.hpp
+++ b/trunk/src/core/srs_core_version4.hpp
@@ -24,6 +24,6 @@
 #ifndef SRS_CORE_VERSION4_HPP
 #define SRS_CORE_VERSION4_HPP
 
-#define SRS_VERSION4_REVISION 47
+#define SRS_VERSION4_REVISION 48
 
 #endif