diff --git a/src/internal.c b/src/internal.c
index 8af6700b2..b7b209836 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -23715,11 +23715,19 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 #ifdef HAVE_SERVER_RENEGOTIATION_INFO
         /* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */
         if (FindSuite(&clSuites, 0, TLS_EMPTY_RENEGOTIATION_INFO_SCSV) >= 0) {
+            TLSX* extension;
+
+            /* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */
             ret = TLSX_AddEmptyRenegotiationInfo(&ssl->extensions, ssl->heap);
             if (ret != WOLFSSL_SUCCESS)
                 return ret;
-            if (ssl->secure_renegotiation)
+
+            extension = TLSX_Find(ssl->extensions, TLSX_RENEGOTIATION_INFO);
+            if (extension) {
+                ssl->secure_renegotiation =
+                                          (SecureRenegotiation*)extension->data;
                 ssl->secure_renegotiation->enabled = 1;
+            }
         }
 #endif /* HAVE_SERVER_RENEGOTIATION_INFO */
 
diff --git a/src/tls13.c b/src/tls13.c
index 9046b331d..fd50831db 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -3882,11 +3882,18 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
 
 #ifdef HAVE_SERVER_RENEGOTIATION_INFO
     if (FindSuite(&clSuites, 0, TLS_EMPTY_RENEGOTIATION_INFO_SCSV) >= 0) {
+        TLSX* extension;
+
         /* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */
         ret = TLSX_AddEmptyRenegotiationInfo(&ssl->extensions, ssl->heap);
         if (ret != WOLFSSL_SUCCESS)
             return ret;
-        ssl->secure_renegotiation->enabled = 1;
+
+        extension = TLSX_Find(ssl->extensions, TLSX_RENEGOTIATION_INFO);
+        if (extension) {
+            ssl->secure_renegotiation = (SecureRenegotiation*)extension->data;
+            ssl->secure_renegotiation->enabled = 1;
+        }
     }
 #endif /* HAVE_SERVER_RENEGOTIATION_INFO */