diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index 5e3239ae200832..f1d5ade3edbdf3 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -613,6 +613,9 @@ TLSSocket.prototype.renegotiate = function(options, callback) {
     this._requestCert = requestCert;
     this._rejectUnauthorized = rejectUnauthorized;
   }
+  // Ensure that we'll cycle through internal openssl's state
+  this.write('');
+
   if (!this._handle.renegotiate()) {
     if (callback) {
       process.nextTick(callback, new ERR_TLS_RENEGOTIATE());
diff --git a/test/parallel/test-tls-disable-renegotiation.js b/test/parallel/test-tls-disable-renegotiation.js
index f43276460910f7..0fc98641a69800 100644
--- a/test/parallel/test-tls-disable-renegotiation.js
+++ b/test/parallel/test-tls-disable-renegotiation.js
@@ -46,7 +46,6 @@ server.listen(0, common.mustCall(() => {
     port
   };
   const client = tls.connect(options, common.mustCall(() => {
-    client.write('');
     // Negotiation is still permitted for this first
     // attempt. This should succeed.
     let ok = client.renegotiate(options, common.mustCall((err) => {
@@ -56,7 +55,6 @@ server.listen(0, common.mustCall(() => {
       // data event on the server. After that data
       // is received, disableRenegotiation is called.
       client.write('data', common.mustCall(() => {
-        client.write('');
         // This second renegotiation attempt should fail
         // and the callback should never be invoked. The
         // server will simply drop the connection after