diff --git a/proto/ei.proto b/proto/ei.proto
index 0ea1229..f6e75c1 100644
--- a/proto/ei.proto
+++ b/proto/ei.proto
@@ -37,15 +37,15 @@ syntax = "proto3";
  * ----------------------------
  *
  * Where a proxy is in place (e.g. a portal), the client connection can be
- * preconfigured to match the permissions model. The proxy would open a
- * socket to the server, write the Configure* messages onto that socket and
- * then pass the fd to the client to create a libei context from that.
+ * pre-configured to match the permissions model. The proxy opens or obtains a
+ * socket to the server, writes the Configure* messages onto that socket and
+ * then passes the fd to the client to create a libei context from that.
  *
  * The proxy can force a client name and/or restrict other options. This is
  * invisible to the client, it does not know what restrictions are in place.
  *
- * Configure messages may come at any time but they can only ever *reduce*
- * the current capabilities, not increase them.
+ * Configure messages may only be sent before the client connection. Sending
+ * Configure messages after a client has connected will be silently ignored.
  */
 
 /* ConfigureName *must* be sent before the Connect event */
diff --git a/src/libeis-client.c b/src/libeis-client.c
index bf74c7c..3ee396f 100644
--- a/src/libeis-client.c
+++ b/src/libeis-client.c
@@ -469,11 +469,11 @@ client_msg_configure_name(struct eis_client *client, const char *name)
 static int
 client_msg_configure_capabilities(struct eis_client *client, uint32_t allowed_caps)
 {
-	client->restrictions.cap_allow_mask = allowed_caps;
+	/* We silently ignore wrong configure messages */
+	if (client->state != EIS_CLIENT_STATE_NEW)
+		return 0;
 
-	/* FIXME: if something is disallowed now, we should disconnect
-	 * accordingly.
-	 */
+	client->restrictions.cap_allow_mask = allowed_caps;
 
 	return 0;
 }