diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index 09f54dca..a9d21eba 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -599,6 +599,9 @@ static bool DoExchange(ScopedSSL_SESSION *out_session, SSL_CTX *ssl_ctx,
 if (config->allow_unsafe_legacy_renegotiation) {
 SSL_set_options(ssl.get(), SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION);
 }
+ if (config->no_legacy_server_connect) {
+ SSL_clear_options(ssl.get(), SSL_OP_LEGACY_SERVER_CONNECT);
+ }
 if (!config->expected_channel_id.empty()) {
 SSL_enable_tls_channel_id(ssl.get());
 }
diff --git a/ssl/test/runner/handshake_server.go b/ssl/test/runner/handshake_server.go
index f159aff0..8ca18e52 100644
--- a/ssl/test/runner/handshake_server.go
+++ b/ssl/test/runner/handshake_server.go
@@ -274,6 +274,10 @@ Curves:
 hs.hello.secureRenegotiation = hs.clientHello.secureRenegotiation
 }
+ if c.config.Bugs.NoRenegotiationInfo {
+ hs.hello.secureRenegotiation = nil
+ }
+
 hs.hello.compressionMethod = compressionNone
 hs.hello.duplicateExtension = c.config.Bugs.DuplicateExtension
 if len(hs.clientHello.serverName) > 0 {
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index c892c37d..eed3a39f 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -2999,6 +2999,27 @@ func addRenegotiationTests() {
 shouldFail: true,
 expectedError: ":RENEGOTIATION_MISMATCH:",
 })
+ testCases = append(testCases, testCase{
+ name: "Renegotiate-Client-NoExt",
+ renegotiate: true,
+ config: Config{
+ Bugs: ProtocolBugs{
+ NoRenegotiationInfo: true,
+ },
+ },
+ shouldFail: true,
+ expectedError: ":UNSAFE_LEGACY_RENEGOTIATION_DISABLED:",
+ flags: []string{"-no-legacy-server-connect"},
+ })
+ testCases = append(testCases, testCase{
+ name: "Renegotiate-Client-NoExt-Allowed",
+ renegotiate: true,
+ config: Config{
+ Bugs: ProtocolBugs{
+ NoRenegotiationInfo: true,
+ },
+ },
+ })
 testCases = append(testCases, testCase{
 name: "Renegotiate-Client-SwitchCiphers",
 renegotiate: true,
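Review bot: In ssl/test/bssl_shim.cc the new `no_legacy_server_connect` branch clears an option without saying why a clear, rather than a set, is the right operation. The `Renegotiate-Client-NoExt-Allowed` case in runner.go succeeds without the flag, which suggests `SSL_OP_LEGACY_SERVER_CONNECT` is on by default here, so a comment such as `// On by default; clear it so the client refuses servers that omit renegotiation_info.` would keep a reader from mistaking the branch for a no-op. The branch also runs when the shim acts as a server, where the option presumably has no effect; the same comment could say so. DoExchange begins and ends outside the hunk.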
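Review bot: In ssl/test/runner/handshake_server.go the `NoRenegotiationInfo` override is unconditional, so it removes the extension from the first ServerHello as well as from any later one, and it discards the value copied from the ClientHello just above. A short comment would show that this is deliberate, for example `// Drop renegotiation_info from every ServerHello, including the initial one.` The `ProtocolBugs` field itself is not declared in any hunk visible here; its doc comment should describe the same scope. The enclosing function starts and ends outside the hunk.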
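Review bot: In ssl/test/runner/runner.go, `Renegotiate-Client-NoExt` may never reach a renegotiation: `NoRenegotiationInfo` strips the extension from the initial ServerHello too, so a client started with `-no-legacy-server-connect` would be expected to fail the first handshake with `:UNSAFE_LEGACY_RENEGOTIATION_DISABLED:`, which the test cannot tell apart from a failure at renegotiation time. The client code is not visible here, so this is inferred; if it holds, either drop `renegotiate: true` and rename the case, or add a comment stating which handshake is expected to fail. `Renegotiate-Client-NoExt-Allowed` pins the permissive default, where the client renegotiates with a server that never sent renegotiation_info (RFC 5746); a comment like `// Default: legacy servers are accepted and renegotiation proceeds without secure renegotiation.` would record that this is intentional. addRenegotiationTests continues outside the hunk.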
diff --git a/ssl/test/test_config.cc b/ssl/test/test_config.cc
index 25906f72..4b24da69 100644
--- a/ssl/test/test_config.cc
+++ b/ssl/test/test_config.cc
@@ -81,6 +81,7 @@ const Flag kBoolFlags[] = {
 { "-handshake-never-done", &TestConfig::handshake_never_done },
 { "-use-export-context", &TestConfig::use_export_context },
 { "-reject-peer-renegotiations", &TestConfig::reject_peer_renegotiations },
+ { "-no-legacy-server-connect", &TestConfig::no_legacy_server_connect },
 };
 const Flag kStringFlags[] = {
diff --git a/ssl/test/test_config.h b/ssl/test/test_config.h
index f107a0fb..4bac5616 100644
--- a/ssl/test/test_config.h
+++ b/ssl/test/test_config.h
@@ -78,6 +78,7 @@ struct TestConfig {
 std::string export_context;
 bool use_export_context = false;
 bool reject_peer_renegotiations = false;
+ bool no_legacy_server_connect = false;
 };
 bool ParseConfig(int argc, char **argv, TestConfig *out_config);