diff --git a/src/backend/libpq/be-secure-openssl.c b/src/backend/libpq/be-secure-openssl.c
index 37af6e4fdaf75ab531123859852362a4d2527822..b06f987b3fd2c14bae57809fdd85913e6900f1b5 100644
--- a/src/backend/libpq/be-secure-openssl.c
+++ b/src/backend/libpq/be-secure-openssl.c
@@ -595,6 +595,10 @@ be_tls_write(Port *port, void *ptr, size_t len, int *waitfor)
 		 */
 		SSL_clear_num_renegotiations(port->ssl);
 
+		/* without this, renegotiation fails when a client cert is used */
+		SSL_set_session_id_context(port->ssl, (void *) &SSL_context,
+								   sizeof(SSL_context));
+
 		if (SSL_renegotiate(port->ssl) <= 0)
 			ereport(COMMERROR,
 					(errcode(ERRCODE_PROTOCOL_VIOLATION),