diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
index 79b1a4783f0..98e866fe8c5 100644
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -842,7 +842,7 @@ SSL Sockets
 
 SSL sockets also have the following additional methods and attributes:
 
-.. method:: SSLSocket.read(len=0, buffer=None)
+.. method:: SSLSocket.read(len=1024, buffer=None)
 
    Read up to *len* bytes of data from the SSL socket and return the result as
    a ``bytes`` instance. If *buffer* is specified, then read into the buffer
diff --git a/Lib/ssl.py b/Lib/ssl.py
index df395923279..65ad38f899e 100644
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@@ -561,7 +561,7 @@ class SSLObject:
         server hostame is set."""
         return self._sslobj.server_hostname
 
-    def read(self, len=0, buffer=None):
+    def read(self, len=1024, buffer=None):
         """Read up to 'len' bytes from the SSL object and return them.
 
         If 'buffer' is provided, read into this buffer and return the number of
@@ -570,7 +570,7 @@ class SSLObject:
         if buffer is not None:
             v = self._sslobj.read(len, buffer)
         else:
-            v = self._sslobj.read(len or 1024)
+            v = self._sslobj.read(len)
         return v
 
     def write(self, data):
@@ -776,7 +776,7 @@ class SSLSocket(socket):
             # EAGAIN.
             self.getpeername()
 
-    def read(self, len=0, buffer=None):
+    def read(self, len=1024, buffer=None):
         """Read up to LEN bytes and return them.
         Return zero-length string on EOF."""
 
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 8c0dd31c326..645ec8d100c 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -2792,13 +2792,20 @@ else:
                         # consume data
                         s.read()
 
-                # read(-1, buffer) is supported, even though read(-1) is not
                 data = b"data"
+
+                # read(-1, buffer) is supported, even though read(-1) is not
                 s.send(data)
                 buffer = bytearray(len(data))
                 self.assertEqual(s.read(-1, buffer), len(data))
                 self.assertEqual(buffer, data)
 
+                # recv/read(0) should return no data
+                s.send(data)
+                self.assertEqual(s.recv(0), b"")
+                self.assertEqual(s.read(0), b"")
+                self.assertEqual(s.read(), data)
+
                 # Make sure sendmsg et al are disallowed to avoid
                 # inadvertent disclosure of data and/or corruption
                 # of the encrypted data stream
diff --git a/Misc/NEWS b/Misc/NEWS
index a855451461a..59c0828d5fe 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -101,6 +101,9 @@ Library
 - Issue #26644: Raise ValueError rather than SystemError when a negative
   length is passed to SSLSocket.recv() or read().
 
+- Issue #23804: Fix SSL recv(0) and read(0) methods to return zero bytes
+  instead of up to 1024.
+
 - Issue #26616: Fixed a bug in datetime.astimezone() method.
 
 - Issue #21925: :func:`warnings.formatwarning` now catches exceptions on