diff --git a/security/nss/lib/ssl/sslnonce.c b/security/nss/lib/ssl/sslnonce.c
index b7b5b7fe5..32e5d75ef 100644
--- a/security/nss/lib/ssl/sslnonce.c
+++ b/security/nss/lib/ssl/sslnonce.c
@@ -1197,14 +1197,15 @@ ssl3_SetSIDSessionTicket(sslSessionID *sid,
      * anything yet, so no locking is needed.
      */
     if (sid->u.ssl3.lock) {
-        PORT_Assert(sid->cached == in_client_cache);
         PR_RWLock_Wlock(sid->u.ssl3.lock);
+        /* Another thread may have evicted, or it may be in external cache. */
+        PORT_Assert(sid->cached != never_cached);
     }
     /* If this was in the client cache, then we might have to free the old
      * ticket.  In TLS 1.3, we might get a replacement ticket if the server
      * sends more than one ticket. */
     if (sid->u.ssl3.locked.sessionTicket.ticket.data) {
-        PORT_Assert(sid->cached == in_client_cache ||
+        PORT_Assert(sid->cached != never_cached ||
                     sid->version >= SSL_LIBRARY_VERSION_TLS_1_3);
         SECITEM_FreeItem(&sid->u.ssl3.locked.sessionTicket.ticket,
                          PR_FALSE);