diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index 182dab75843f8c..eaf937640ed088 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -621,6 +621,9 @@ TLSSocket.prototype.renegotiate = function(options, callback) {
     this._requestCert = requestCert;
     this._rejectUnauthorized = rejectUnauthorized;
   }
+  // Ensure that we'll cycle through internal openssl's state
+  this.write('');
+
   if (!this._handle.renegotiate()) {
     if (callback) {
       process.nextTick(callback, new ERR_TLS_RENEGOTIATE());
diff --git a/test/parallel/test-tls-disable-renegotiation.js b/test/parallel/test-tls-disable-renegotiation.js
index da492713a0742a..13e08112e596d6 100644
--- a/test/parallel/test-tls-disable-renegotiation.js
+++ b/test/parallel/test-tls-disable-renegotiation.js
@@ -46,7 +46,6 @@ server.listen(0, common.mustCall(() => {
     port
   };
   const client = tls.connect(options, common.mustCall(() => {
-    client.write('');
 
     common.expectsError(() => client.renegotiate(), {
       code: 'ERR_INVALID_ARG_TYPE',
@@ -78,7 +77,6 @@ server.listen(0, common.mustCall(() => {
       // data event on the server. After that data
       // is received, disableRenegotiation is called.
       client.write('data', common.mustCall(() => {
-        client.write('');
         // This second renegotiation attempt should fail
         // and the callback should never be invoked. The
         // server will simply drop the connection after