3.1.5 Message Processing Events and Sequencing Rules

Upon receipt of a new value for TLS_RENEG_PERMITTED from the server, the client MUST update its cached value for the server on the current connection.

Upon receipt of a server-initiated TLS renegotiation request, the client SHOULD proceed with renegotiation if it has previously sent a value for TLS_RENEG_PERMITTED which accepts server-initiated renegotiation, and has received a value for TLS_RENEG_PERMITTED from the server which offers server-initiated renegotiation. If the client has not both sent and received a value for TLS_RENEG_PERMITTED which permits server-initiated renegotiation, the client MUST treat the renegotiation attempt as a connection error of type PROTOCOL_ERROR.