diff --git a/include/proto/ssl_sock.h b/include/proto/ssl_sock.h
index 1b6c081ece..b87758091f 100644
--- a/include/proto/ssl_sock.h
+++ b/include/proto/ssl_sock.h
@@ -46,6 +46,7 @@ int ssl_sock_handshake(struct connection *conn, unsigned int flag);
 int ssl_sock_prepare_ctx(struct bind_conf *bind_conf, SSL_CTX *ctx, struct proxy *proxy);
 int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf, struct proxy *px);
 int ssl_sock_prepare_srv_ctx(struct server *srv, struct proxy *px);
+void ssl_sock_free_srv_ctx(struct server *srv);
 void ssl_sock_free_all_ctx(struct bind_conf *bind_conf);
 int ssl_sock_load_ca(struct bind_conf *bind_conf, struct proxy *px);
 void ssl_sock_free_ca(struct bind_conf *bind_conf);
diff --git a/src/haproxy.c b/src/haproxy.c
index 217247d6d7..62fb603cd0 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -1411,6 +1411,10 @@ void deinit(void)
 free(s->agent.bi);
 free(s->agent.bo);
 free((char*)s->conf.file);
+#ifdef USE_OPENSSL
+ if (s->use_ssl || s->check.use_ssl)
+ ssl_sock_free_srv_ctx(s);
+#endif
 free(s);
 s = s_next;
 }/* end while(s) */
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index deb658e98a..0703bc41e1 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -2444,6 +2444,14 @@ int ssl_sock_prepare_all_ctx(struct bind_conf *bind_conf, struct proxy *px)
 return err;
 }
 
+
+/* release ssl context allocated for servers. */
+void ssl_sock_free_srv_ctx(struct server *srv)
+{
+ if (srv->ssl_ctx.ctx)
+ SSL_CTX_free(srv->ssl_ctx.ctx);
+}
+
 /* Walks down the two trees in bind_conf and frees all the certs. The pointer may
 * be NULL, in which case nothing is done. The default_ctx is nullified too.
 */
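Review bot: In the src/ssl_sock.c hunk, ssl_sock_free_srv_ctx() releases `srv->ssl_ctx.ctx` but leaves the stale pointer in the struct, so a second call on the same server, or any later read of that field, would operate on freed memory. Following the free with `srv->ssl_ctx.ctx = NULL;` makes the helper idempotent and matches the neighbouring ssl_sock_free_all_ctx() comment, which states that default_ctx is nullified. The one caller added here (deinit() in src/haproxy.c) frees the server immediately afterwards, so nothing in this commit reaches the stale pointer, but the function is now exported through include/proto/ssl_sock.h and may gain other callers. The function comment could also state that `srv` must be non-NULL, since the sibling function's comment promises NULL tolerance and this one dereferences `srv` unconditionally. Whether other per-server TLS state is released elsewhere is not visible from this hunk.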