diff --git a/changes/bug4591 b/changes/bug4591
new file mode 100644
index 0000000000000000000000000000000000000000..59b25a5252fc454889535c639331aa9a6020f99d
--- /dev/null
+++ b/changes/bug4591
@@ -0,0 +1,6 @@
+  o Minor bugfixes:
+    - If the client fails to set a reasonable set of ciphersuites
+      during its v2 handshake renegotiation, allow the renegotiation
+      to continue nevertheless (i.e., send all the required
+      certificates). Fix for bug 4591; bugfix on 0.2.0.20-rc.
+
diff --git a/src/common/tortls.c b/src/common/tortls.c
index cffba2e6ce5269e6bf3faa46a2498b2893af1089..12d982defbfe7c2b80d149b8cadd4cb22e5b3417 100644
--- a/src/common/tortls.c
+++ b/src/common/tortls.c
@@ -1370,7 +1370,9 @@ tor_tls_server_info_callback(const SSL *ssl, int type, int val)
 
   /* Now check the cipher list. */
   if (tor_tls_client_is_using_v2_ciphers(ssl, ADDR(tls))) {
-    /*XXXX_TLS keep this from happening more than once! */
+    if (tls->wasV2Handshake)
+      return; /* We already turned this stuff off for the first handshake;
+               * This is a renegotiation. */
 
     /* Yes, we're casting away the const from ssl.  This is very naughty of us.
      * Let's hope openssl doesn't notice! */