diff --git a/README.md b/README.md
index a293f8e..4de057b 100644
--- a/README.md
+++ b/README.md
@@ -68,6 +68,7 @@ Example of setting TLS 1.3 cipher in nginx:
 | remove_nginx_server_header.patch | Remove nginx server header. (http2, http1.1) |
 | nginx_hpack_remove_server_header_1.15.3.patch | HPACK + Remove nginx server header. (http2, http1.1) |
 | nginx_strict-sni.patch | Enable **Strict-SNI**. Thanks [@JemmyLoveJenny](https://github.com/JemmyLoveJenny). [View issue](https://github.com/hakasenyang/openssl-patch/issues/1#issuecomment-421551872) |
+| nginx_openssl-1.1.x_renegotiation_bugfix.patch | Bugfix **Secure Client-Initiated Renegotiation**. (Check testssl.sh) OpenSSL >= 1.1.1 |
 
 ## How To Use?
 
@@ -116,6 +117,12 @@ Finally, build nginx.
 
 Example patch is [here](https://github.com/hakasenyang/nginx-build/blob/master/strict-sni-example.patch). (nginx)
 
+### nginx OpenSSL-1.1.x Renegotiation Bugfix
+
+Run it from the nginx directory.
+
+``curl https://raw.githubusercontent.com/hakasenyang/openssl-patch/master/nginx_openssl-1.1.x_renegotiation_bugfix.patch | patch -p1``
+
 ## nginx Configuration
 
 ### HPACK Patch
diff --git a/nginx_openssl-1.1.x_renegotiation_bugfix.patch b/nginx_openssl-1.1.x_renegotiation_bugfix.patch
new file mode 100644
index 0000000..b896c83
--- /dev/null
+++ b/nginx_openssl-1.1.x_renegotiation_bugfix.patch
@@ -0,0 +1,25 @@
+diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
+index 3a0e150d..f080b2d7 100644
+--- a/src/event/ngx_event_openssl.c
++++ b/src/event/ngx_event_openssl.c
+@@ -350,6 +350,10 @@ ngx_ssl_create(ngx_ssl_t *ssl, ngx_uint_t protocols, void *data)
+ SSL_CTX_set_max_proto_version(ssl->ctx, TLS1_3_VERSION);
+ #endif
+ 
++#ifdef SSL_OP_NO_RENEGOTIATION
++ SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_RENEGOTIATION);
++#endif
++
+ #ifdef SSL_OP_NO_COMPRESSION
+ SSL_CTX_set_options(ssl->ctx, SSL_OP_NO_COMPRESSION);
+ #endif
+@@ -1294,9 +1298,6 @@ ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c, ngx_uint_t flags)
+ } else {
+ SSL_set_accept_state(sc->connection);
+ 
+-#ifdef SSL_OP_NO_RENEGOTIATION
+- SSL_set_options(sc->connection, SSL_OP_NO_RENEGOTIATION);
+-#endif
+ }
+ 
+ if (SSL_set_ex_data(sc->connection, ngx_ssl_connection_index, c) == 0) {
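Review bot: Moving SSL_OP_NO_RENEGOTIATION from the per-connection SSL_set_options in the accept-state branch of ngx_ssl_create_connection to SSL_CTX_set_options in ngx_ssl_create widens its scope from server-side connections to every SSL object created from that context. If ngx_ssl_create is also the constructor for the contexts nginx uses in client mode (upstream TLS), the option now applies there too, and as far as I recall OpenSSL 1.1.1 answers a server HelloRequest with a no_renegotiation alert when the flag is set on a client, so upstreams that renegotiate (for example to request a client certificate) could stop working; this is worth confirming against the upstream code paths, which are outside this hunk. The new block should say so, e.g. `/* context-wide: also reaches client-mode (upstream) connections created from this ctx */`, and the README table entry should mention the behaviour change rather than only "Bugfix". Both ngx_ssl_create and ngx_ssl_create_connection begin and end outside the hunk.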