diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index 48108710933382..9cf3fc41485080 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -713,7 +713,12 @@ TLSSocket.prototype._wrapHandle = function(wrap, handle, wrapHasActiveWriteFromP
   this[kRes] = res;
   defineHandleReading(this, handle);
 
-  this.on('close', onSocketCloseDestroySSL);
+  // Guard against adding multiple listeners, as this method may be called
+  // repeatedly on the same socket by reinitializeHandle
+  if (this.listenerCount('close', onSocketCloseDestroySSL) === 0) {
+    this.on('close', onSocketCloseDestroySSL);
+  }
+
   if (wrap) {
     wrap.on('close', () => this.destroy());
   }
diff --git a/test/parallel/test-tls-reinitialize-listeners.js b/test/parallel/test-tls-reinitialize-listeners.js
new file mode 100644
index 00000000000000..ffd7c825b0f699
--- /dev/null
+++ b/test/parallel/test-tls-reinitialize-listeners.js
@@ -0,0 +1,42 @@
+// Flags: --expose-internals
+'use strict';
+
+const common = require('../common');
+
+if (!common.hasCrypto) {
+  common.skip('missing crypto');
+}
+
+const events = require('events');
+const fixtures = require('../common/fixtures');
+const tls = require('tls');
+const { kReinitializeHandle } = require('internal/net');
+
+// Test that repeated calls to kReinitializeHandle() do not result in repeatedly
+// adding new listeners on the socket (i.e. no MaxListenersExceededWarnings)
+
+process.on('warning', common.mustNotCall());
+
+const server = tls.createServer({
+  key: fixtures.readKey('agent1-key.pem'),
+  cert: fixtures.readKey('agent1-cert.pem')
+});
+
+server.listen(0, common.mustCall(function() {
+  const socket = tls.connect({
+    port: this.address().port,
+    rejectUnauthorized: false
+  });
+
+  socket.on('secureConnect', common.mustCall(function() {
+    for (let i = 0; i < events.defaultMaxListeners + 1; i++) {
+      socket[kReinitializeHandle]();
+    }
+
+    socket.destroy();
+  }));
+
+  socket.on('close', function() {
+    server.close();
+  });
+}));