diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index 9d47c9c2baf27d..e041c1257890e2 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -39,6 +39,7 @@ const { owner_symbol } = require('internal/async_hooks').symbols;
 const { SecureContext: NativeSecureContext } = internalBinding('crypto');
 const {
   ERR_INVALID_ARG_TYPE,
+  ERR_INVALID_CALLBACK,
   ERR_MULTIPLE_CALLBACK,
   ERR_SOCKET_CLOSED,
   ERR_TLS_DH_PARAM_SIZE,
@@ -581,6 +582,11 @@ TLSSocket.prototype._init = function(socket, wrap) {
 };
 
 TLSSocket.prototype.renegotiate = function(options, callback) {
+  if (options === null || typeof options !== 'object')
+    throw new ERR_INVALID_ARG_TYPE('options', 'Object', options);
+  if (callback != null && typeof callback !== 'function')
+    throw new ERR_INVALID_CALLBACK();
+
   if (this.destroyed)
     return;
 
diff --git a/test/parallel/test-tls-disable-renegotiation.js b/test/parallel/test-tls-disable-renegotiation.js
index f43276460910f7..42042a21bfbedb 100644
--- a/test/parallel/test-tls-disable-renegotiation.js
+++ b/test/parallel/test-tls-disable-renegotiation.js
@@ -47,6 +47,22 @@ server.listen(0, common.mustCall(() => {
   };
   const client = tls.connect(options, common.mustCall(() => {
     client.write('');
+
+    common.expectsError(() => client.renegotiate(), {
+      code: 'ERR_INVALID_ARG_TYPE',
+      type: TypeError,
+    });
+
+    common.expectsError(() => client.renegotiate(common.mustNotCall()), {
+      code: 'ERR_INVALID_ARG_TYPE',
+      type: TypeError,
+    });
+
+    common.expectsError(() => client.renegotiate({}, false), {
+      code: 'ERR_INVALID_CALLBACK',
+      type: TypeError,
+    });
+
     // Negotiation is still permitted for this first
     // attempt. This should succeed.
     let ok = client.renegotiate(options, common.mustCall((err) => {