Forum Discussion
Differentiate between client-initiated and server-initiated SSL renegotiations
My explanation may be a bit confusing because of the use of the word "server" when I really mean the BigIP.
Think of the SSL connection established between the client and the BigIP. In this SSL connection the renegotiation can be initiated from the client (that's what I want to reject) or from the BigIP (that's what I want to allow and force every 600 seconds).
If I uncheck the Renegotiation checkbox in my clientssl profile, then I don't allow any kind of renegotiation, neither client-initiated nor BigIP-initiated.
In an SSL dialog between client and BigIP, there's a way to differentiate when the BigIP has initiated the renegotiation, and that's the "Hello Request" message sent from the BigIP when it's requesting the "Hello" from the client to start the new handshake, and that's what I thought I could manage from an iRule, but I guess I can't.
Maybe my problem is clearer now... can I allow BigIP-initiated renegotiations while rejecting client-initiated renegotiations?
I'm just using my clientssl profile, which manages the SSL connection between client and BigIP, since the connection between the BigIP and the internal pool node is HTTP; I don't use SSL there, only with the Internet clients that connect to my VIP.
Thanks!
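The distinction the poster describes (a server-initiated renegotiation is the one preceded by a HelloRequest from the server; a ClientHello arriving mid-session with no such HelloRequest is client-initiated) can be checked mechanically on a handshake trace. The following is an added example, not code from the thread or from F5: a small TLS 1.0-1.2 record parser plus a classifier that walks an ordered list of (direction, record) pairs and labels each renegotiation. The sample flow is constructed inline. It assumes a plaintext view of the handshake messages, which in practice only the terminating endpoint (here, the BigIP) or a decrypted trace has, since post-handshake records are encrypted on the wire.

```python
# Added example (not from the DevCentral thread or F5): classify TLS 1.0-1.2
# renegotiations as client- or server-initiated from an ordered record trace.
# Assumes records are visible in plaintext (endpoint side or decrypted trace).
import struct
from typing import List, Tuple

HANDSHAKE = 22        # TLS record content type for handshake messages
HELLO_REQUEST = 0     # handshake message type: server asks client to renegotiate
CLIENT_HELLO = 1      # handshake message type: client starts a handshake


def record(content_type: int, body: bytes, version=(3, 3)) -> bytes:
    """Build a TLS record: type(1) major(1) minor(1) length(2) + body."""
    return struct.pack("!BBBH", content_type, version[0], version[1], len(body)) + body


def handshake_msg(msg_type: int, body: bytes = b"") -> bytes:
    """Build a handshake message: type(1) + 24-bit length + body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def parse_handshake_types(rec: bytes) -> List[int]:
    """Return the handshake message types carried by one TLS record.
    Non-handshake records yield []; malformed framing raises ValueError."""
    if len(rec) < 5:
        raise ValueError("short record")
    ctype, _maj, _min, length = struct.unpack("!BBBH", rec[:5])
    if len(rec) != 5 + length:
        raise ValueError("record length mismatch")
    if ctype != HANDSHAKE:
        return []
    body, off, types = rec[5:], 0, []
    while off < len(body):
        if off + 4 > len(body):
            raise ValueError("truncated handshake header")
        mtype = body[off]
        mlen = int.from_bytes(body[off + 1:off + 4], "big")
        off += 4
        if off + mlen > len(body):
            raise ValueError("truncated handshake body")
        types.append(mtype)
        off += mlen
    return types


def classify_renegotiations(flow: List[Tuple[str, bytes]]) -> List[str]:
    """flow: ordered (direction, record) pairs, direction 'C>S' or 'S>C'.
    The first ClientHello is the initial handshake; every later ClientHello is
    a renegotiation and is labelled 'server-initiated' only if a HelloRequest
    from the server arrived since the previous ClientHello."""
    labels: List[str] = []
    seen_client_hello = False
    pending_hello_request = False
    for direction, rec in flow:
        for mtype in parse_handshake_types(rec):
            if mtype == HELLO_REQUEST and direction == "S>C":
                pending_hello_request = True
            elif mtype == CLIENT_HELLO and direction == "C>S":
                if seen_client_hello:
                    labels.append("server-initiated" if pending_hello_request
                                  else "client-initiated")
                seen_client_hello = True
                pending_hello_request = False
    return labels


def client_initiated_indices(flow: List[Tuple[str, bytes]]) -> List[int]:
    """Positions (in renegotiation order) that a 'reject client-initiated,
    allow server-initiated' policy would refuse."""
    return [i for i, kind in enumerate(classify_renegotiations(flow))
            if kind == "client-initiated"]


# Constructed sample trace (not a real capture): initial handshake, then a
# client-initiated renegotiation, then a server-initiated one.
_HELLO_BODY = b"\x03\x03" + bytes(32)  # placeholder ClientHello/ServerHello body
SAMPLE_FLOW: List[Tuple[str, bytes]] = [
    ("C>S", record(HANDSHAKE, handshake_msg(CLIENT_HELLO, _HELLO_BODY))),
    ("S>C", record(HANDSHAKE, handshake_msg(2, _HELLO_BODY))),          # ServerHello
    ("C>S", record(HANDSHAKE, handshake_msg(CLIENT_HELLO, _HELLO_BODY))),  # no HelloRequest
    ("S>C", record(HANDSHAKE, handshake_msg(HELLO_REQUEST))),            # server asks
    ("C>S", record(HANDSHAKE, handshake_msg(CLIENT_HELLO, _HELLO_BODY))),  # answer to it
]

if __name__ == "__main__":
    print(classify_renegotiations(SAMPLE_FLOW))   # ['client-initiated', 'server-initiated']
    print(client_initiated_indices(SAMPLE_FLOW))  # [0]
```

The classifier consumes the pending HelloRequest on the next ClientHello, so a client that sends two ClientHellos after one HelloRequest has the second one labelled client-initiated. Because the decision depends only on the message ordering the poster points to, it is the same test a terminating proxy would apply internally; on the wire it is not reproducible without the session keys.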