diff --git a/CHANGES b/CHANGES
index c6d51b0bc..ef8dff4a0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,9 @@
 
  Changes between 1.0.1c and 1.0.1d [xx XXX xxxx]
 
-  *)
+  *) Don't use TLS 1.0 record version number in initial client hello
+     if renegotiating.
+     [Steve Henson]
 
  Changes between 1.0.1b and 1.0.1c [10 May 2012]
 
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index adf8c387c..f71c03b58 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -744,6 +744,7 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 	 * bytes and record version number > TLS 1.0
 	 */
 	if (s->state == SSL3_ST_CW_CLNT_HELLO_B
+				&& !s->renegotiate
 				&& TLS1_get_version(s) > TLS1_VERSION)
 		*(p++) = 0x1;
 	else