diff --git a/cyassl/internal.h b/cyassl/internal.h
index b137b6eca..29fe4df2d 100644
--- a/cyassl/internal.h
+++ b/cyassl/internal.h
@@ -1342,7 +1342,8 @@ enum key_cache_state {
 /* Additional Conection State according to rfc5746 section 3.1 */
 typedef struct SecureRenegotiation {
- byte enabled; /* secure_renegotiation flag in rfc */
+ byte enabled; /* secure_renegotiation flag in rfc */
+ byte startScr; /* server requested client to start scr */
 enum key_cache_state cache_status; /* track key cache state */
 byte client_verify_data[TLS_FINISHED_SZ]; /* cached */
 byte server_verify_data[TLS_FINISHED_SZ]; /* cached */
@@ -1768,7 +1769,6 @@ typedef struct Options {
 #ifdef HAVE_POLY1305
 byte oldPoly; /* set when to use old rfc way of poly*/
 #endif
-
 #ifndef NO_PSK
 byte havePSK; /* psk key set by user */
 psk_client_callback client_psk_cb;
diff --git a/src/internal.c b/src/internal.c
index 0e79d2870..c1321d662 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -2014,7 +2014,7 @@ void FreeHandshakeResources(CYASSL* ssl)
 #ifdef HAVE_SECURE_RENEGOTIATION
 if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) {
- CYASSL_MSG("Secure Renegottation needs to retain handshake resources");
+ CYASSL_MSG("Secure Renegotiation needs to retain handshake resources");
 return;
 }
 #endif
@@ -4392,8 +4392,15 @@ static int DoHelloRequest(CYASSL* ssl, const byte* input, word32* inOutIdx,
 SendAlert(ssl, alert_fatal, unexpected_message); /* try */
 return FATAL_ERROR;
 }
- else
+#ifdef HAVE_SECURE_RENEGOTIATION
+ else if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) {
+ ssl->secure_renegotiation->startScr = 1;
+ return 0;
+ }
+#endif
+ else {
 return SendAlert(ssl, alert_warning, no_renegotiation);
+ }
 }
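Review bot: The new `startScr` field in SecureRenegotiation is documented only as "server requested client to start scr", which leaves its lifecycle implicit; in this commit it is client-side state that DoHelloRequest sets to 1 and ReceiveData clears before calling CyaSSL_Rehandshake, and the comment should say so, e.g. `byte startScr; /* client only: set by DoHelloRequest on HelloRequest, cleared by ReceiveData when it starts the rehandshake */`. It is also worth confirming that wherever the SecureRenegotiation struct is allocated (not visible here) it is zero-filled, since a stale or uninitialised non-zero value would make the next CyaSSL_read start an unsolicited full rehandshake.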
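Review bot: The new `else if` branch in DoHelloRequest sets `startScr` whenever secure renegotiation is enabled, with no check that a handshake is not already in progress; RFC 5246 section 7.4.1.1 has the client ignore a HelloRequest received while it is negotiating, and because `enabled` stays set during the rehandshake, a HelloRequest arriving mid-handshake queues yet another full rehandshake for the client. Gating the branch on the connection's handshake-complete state (presumably tracked in `ssl->options`, outside this hunk) and otherwise returning 0 without touching the flag would close that, and a per-connection cap on server-initiated renegotiations would additionally bound the CPU a hostile server can demand from a client. DoHelloRequest begins outside the hunk, including the side check whose body is the hunk's first context line.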
@@ -7196,7 +7203,18 @@ int ReceiveData(CYASSL* ssl, byte* output, int sz, int peek)
 return err;
 }
- while (ssl->buffers.clearOutputBuffer.length == 0)
+#ifdef HAVE_SECURE_RENEGOTIATION
+startScr:
+ if (ssl->secure_renegotiation && ssl->secure_renegotiation->startScr) {
+ int err;
+ ssl->secure_renegotiation->startScr = 0; /* only start once */
+ CYASSL_MSG("Need to start scr, server requested");
+ if ( (err = CyaSSL_Rehandshake(ssl)) != SSL_SUCCESS)
+ return err;
+ }
+#endif
+
+ while (ssl->buffers.clearOutputBuffer.length == 0) {
 if ( (ssl->error = ProcessReply(ssl)) < 0) {
 CYASSL_ERROR(ssl->error);
 if (ssl->error == ZERO_RETURN) {
@@ -7211,6 +7229,13 @@ int ReceiveData(CYASSL* ssl, byte* output, int sz, int peek)
 }
 return ssl->error;
 }
+ #ifdef HAVE_SECURE_RENEGOTIATION
+ if (ssl->secure_renegotiation &&
+ ssl->secure_renegotiation->startScr) {
+ goto startScr;
+ }
+ #endif
+ }
 if (sz < (int)ssl->buffers.clearOutputBuffer.length)
 size = sz;
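Review bot: The `/* only start once */` comment on the `startScr = 0` line explains the clear but not the recovery path: when CyaSSL_Rehandshake returns anything other than SSL_SUCCESS (a non-blocking WANT_READ, for instance) the flag is already gone, so this block will not run again on the next CyaSSL_read, and the partially started rehandshake has to be resumed by the handshake-not-done check above the hunk (presumably the block that ends with the `return err;` context line). That dependency is worth stating next to the clear, e.g. `/* clear before the call: a failed or partial rehandshake is resumed by the handshake-state check above, not by re-entering this block */`. ReceiveData starts and ends outside this hunk.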
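Review bot: The `goto startScr` at the end of the loop body has no bound: each HelloRequest the peer sends sets `startScr` again, so a server that answers every completed rehandshake with another HelloRequest keeps CyaSSL_read spinning inside ReceiveData doing full handshakes and never returns control (or data) to the application. A small counter of rehandshakes performed in this call, or a field in SecureRenegotiation, that stops jumping back after a few rounds and instead sends a `no_renegotiation` warning or returns an error would bound that. Separately, this `#ifdef`/`#endif` pair is indented while the same guard earlier in the function sits at column 0; pick one convention for preprocessor lines. ReceiveData continues past the hunk.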