diff --git a/app/assets/javascripts/app/controllers/ticket_zoom/article_view.coffee b/app/assets/javascripts/app/controllers/ticket_zoom/article_view.coffee
index cbe38bed3..de76f2f04 100644
--- a/app/assets/javascripts/app/controllers/ticket_zoom/article_view.coffee
+++ b/app/assets/javascripts/app/controllers/ticket_zoom/article_view.coffee
@@ -305,34 +305,38 @@ class ArticleViewItem extends App.ControllerObserver
     e.stopPropagation()
 
     article_id = $(e.target).closest('.ticket-article-item').data('id')
+    article    = App.TicketArticle.find(article_id)
 
     @ajax(
       id:   'retrySecurityProcess'
       type: 'POST'
       url:  "#{@apiPath}/ticket_articles/#{article_id}/retry_security_process"
       processData: true
-      success: (data, status, xhr) =>
-        if data.sign.success
-          @notify
-            type: 'success'
-            msg:  App.i18n.translateContent('The signature was successfully verified.')
-        else if data.sign.comment
-          comment = App.i18n.translateContent('Signature verification failed!') + ' ' + App.i18n.translateContent(data.sign.comment || '')
-          @notify
-            type: 'error'
-            msg: comment
-            timeout: 2000
+      success: (encryption_data, status, xhr) =>
+        for data in encryption_data
+          continue if article.preferences.security.type isnt data.type
 
-        if data.encryption.success
-          @notify
-            type: 'success'
-            msg:  App.i18n.translateContent('Decryption was successful.')
-        else if data.encryption.comment
-          comment = App.i18n.translateContent('Decryption failed!') + ' ' + App.i18n.translateContent(data.encryption.comment || '')
-          @notify
-            type: 'error'
-            msg:  comment
-            timeout: 2000
+          if data.sign.success
+            @notify
+              type: 'success'
+              msg:  App.i18n.translateContent('The signature was successfully verified.')
+          else if data.sign.comment
+            comment = App.i18n.translateContent('Signature verification failed!') + ' ' + App.i18n.translateContent(data.sign.comment || '')
+            @notify
+              type: 'error'
+              msg: comment
+              timeout: 2000
+
+          if data.encryption.success
+            @notify
+              type: 'success'
+              msg:  App.i18n.translateContent('Decryption was successful.')
+          else if data.encryption.comment
+            comment = App.i18n.translateContent('Decryption failed!') + ' ' + App.i18n.translateContent(data.encryption.comment || '')
+            @notify
+              type: 'error'
+              msg:  comment
+              timeout: 2000
 
       error: (xhr) =>
         @notify
diff --git a/lib/secure_mailing.rb b/lib/secure_mailing.rb
index f10483834..6b1ce0d30 100644
--- a/lib/secure_mailing.rb
+++ b/lib/secure_mailing.rb
@@ -10,9 +10,11 @@ class SecureMailing
   end
 
   def self.retry(article)
+    result = []
     active_backends.each do |backend|
-      "#{backend}::Retry".constantize.process(article)
+      result << "#{backend}::Retry".constantize.process(article)
     end
+    result
   end
 
   def self.outgoing(mail, security)
diff --git a/spec/system/ticket/zoom_spec.rb b/spec/system/ticket/zoom_spec.rb
index 02d27a1b7..36490d761 100644
--- a/spec/system/ticket/zoom_spec.rb
+++ b/spec/system/ticket/zoom_spec.rb
@@ -590,8 +590,7 @@ RSpec.describe 'Ticket zoom', type: :system do
       end
 
       context 'certificate not present at time of arrival' do
-
-        it 'retry' do
+        let(:mail) do
           smime1 = create(:smime_certificate, :with_private, fixture: system_email_address)
           smime2 = create(:smime_certificate, :with_private, fixture: sender_email_address)
 
@@ -614,6 +613,10 @@ RSpec.describe 'Ticket zoom', type: :system do
           smime1.destroy
           smime2.destroy
 
+          mail
+        end
+
+        it 'does retry successfully' do
           parsed_mail = Channel::EmailParser.new.parse(mail.to_s)
           ticket, article, _user, _mail = Channel::EmailParser.new.process({ group_id: group.id }, parsed_mail['raw'])
           expect(Ticket::Article.find(article.id).body).to eq('no visible content')
@@ -626,6 +629,17 @@ RSpec.describe 'Ticket zoom', type: :system do
           click '.js-securityRetryProcess'
           expect(page).to have_css('.article-content', text: 'somebody with some text')
         end
+
+        it 'does fail on retry (S/MIME function buttons no longer working in tickets #3957)' do
+          parsed_mail = Channel::EmailParser.new.parse(mail.to_s)
+          ticket, article, _user, _mail = Channel::EmailParser.new.process({ group_id: group.id }, parsed_mail['raw'])
+          expect(Ticket::Article.find(article.id).body).to eq('no visible content')
+
+          visit "#ticket/zoom/#{ticket.id}"
+          expect(page).to have_no_css('.article-content', text: 'somebody with some text')
+          click '.js-securityRetryProcess'
+          expect(page).to have_css('#notify', text: 'Decryption failed! Private key for decryption could not be found.')
+        end
       end
     end