3.1.4 Higher-Layer Triggered Events

Events from the higher layer (for example, the provision of a client certificate) could change the client’s willingness to employ TLS renegotiation. The client SHOULD re-evaluate the currently-set value for TLS_RENEG_PERMITTED and send a new value if its willingness has changed.

Events from the higher layer could also cause the client to desire renegotiation. If the client has previously sent a value for TLS_RENEG_PERMITTED which offers client-initiated renegotiation, and has received a value for TLS_RENEG_PERMITTED from the server which accepts client-initiated renegotiation, the client MAY relay this event to the TLS layer. If the client has not both sent and received a value for TLS_RENEG_PERMITTED which supports client-initiated renegotiation, the client MUST NOT trigger TLS renegotiation.