diff --git a/ssl/quic/quic_port.c b/ssl/quic/quic_port.c
index 64ebf1c4d6..c333994405 100644
--- a/ssl/quic/quic_port.c
+++ b/ssl/quic/quic_port.c
@@ -741,6 +741,21 @@ static void port_bind_channel(QUIC_PORT *port, const BIO_ADDR *peer,
 if (ch == NULL)
 return;
 
+ /* * If we didn't provide a qrx here that means we need to set our initial * secret here, since we just created a qrx * Normally its not needed, as the initial secret gets added when we send * our first server hello, but if we get a huge client hello, crossing * multiple datagrams, we don't have a chance to do that, and datagrams * after the first won't get decoded properly, for lack of secrets */
+ if (qrx == NULL) if (!ossl_quic_provide_initial_secret(ch->port->engine->libctx, ch->port->engine->propq, dcid, /* is_server */ 1, ch->qrx, NULL)) return;
+
 if (odcid->id_len != 0) {
 /*
 * If we have an odcid, then we went through server address validation
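Review bot: The early `return;` taken when ossl_quic_provide_initial_secret() fails leaves the channel created just above (the preceding `if (ch == NULL)` check shows it already exists) neither torn down nor reported, since port_bind_channel returns void; if that channel is already linked into the port's bookkeeping (not visible in this hunk), a server hitting the failure, e.g. under memory pressure, would accumulate channels that hold no Initial keys and silently discard every further datagram for that connection. Release the channel on that path with the same teardown this file uses for a freshly created channel, or at minimum add a comment stating that a half-bound channel is intentionally left for the port to reap. The brace-less nested `if (qrx == NULL) if (!...) return;` is also easy to misread; collapse it to `if (qrx == NULL && !ossl_quic_provide_initial_secret(...))` or brace the outer `if`. The comment should also read `Normally it's not needed, as the initial secret gets added when we send our first ServerHello` and spell out that the secret is derived from the client's DCID, which is why it can be provisioned before any handshake data is processed. port_bind_channel begins before and continues after this hunk.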