diff --git a/Makefile b/Makefile
index 0d1d13a2e..ee7473ced 100644
--- a/Makefile
+++ b/Makefile
@@ -540,7 +540,7 @@ ifneq ($(USE_OPENSSL),)
 # in the usual path, use SSL_INC=/path/to/inc and SSL_LIB=/path/to/lib.
 BUILD_OPTIONS   += $(call ignore_implicit,USE_OPENSSL)
 OPTIONS_CFLAGS  += -DUSE_OPENSSL $(if $(SSL_INC),-I$(SSL_INC))
-OPTIONS_LDFLAGS += $(if $(SSL_LIB),-L$(SSL_LIB)) -lssl -lcrypto
+OPTIONS_LDFLAGS += $(if $(SSL_LIB),-L$(SSL_LIB)) -lssl -lcrypto -ldl
 OPTIONS_OBJS  += src/ssl_sock.o src/shctx.o
 ifneq ($(USE_PRIVATE_CACHE),)
 OPTIONS_CFLAGS  += -DUSE_PRIVATE_CACHE
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 9f4b061e9..fbf8f9a62 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -1957,10 +1957,15 @@ int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf, struct proxy *px)
 	if (!bind_conf || !bind_conf->is_ssl)
 		return 0;
 
+	if (bind_conf->default_ctx)
+		err += ssl_sock_prepare_ctx(bind_conf, bind_conf->default_ctx, px);
+
 	node = ebmb_first(&bind_conf->sni_ctx);
 	while (node) {
 		sni = ebmb_entry(node, struct sni_ctx, name);
-		if (!sni->order) /* only initialize the CTX on its first occurrence */
+		if (!sni->order && sni->ctx != bind_conf->default_ctx)
+			/* only initialize the CTX on its first occurrence and
+			   if it is not the default_ctx */
 			err += ssl_sock_prepare_ctx(bind_conf, sni->ctx, px);
 		node = ebmb_next(node);
 	}
@@ -1968,7 +1973,9 @@ int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf, struct proxy *px)
 	node = ebmb_first(&bind_conf->sni_w_ctx);
 	while (node) {
 		sni = ebmb_entry(node, struct sni_ctx, name);
-		if (!sni->order) /* only initialize the CTX on its first occurrence */
+		if (!sni->order && sni->ctx != bind_conf->default_ctx)
+			/* only initialize the CTX on its first occurrence and
+			   if it is not the default_ctx */
 			err += ssl_sock_prepare_ctx(bind_conf, sni->ctx, px);
 		node = ebmb_next(node);
 	}