diff --git a/librb/src/openssl.c b/librb/src/openssl.c
index 320de146..63b1dfc8 100644
--- a/librb/src/openssl.c
+++ b/librb/src/openssl.c
@@ -375,6 +375,9 @@ rb_setup_ssl_server(const char *certfile, const char *keyfile, const char *dhfil
 {
 	const char librb_ciphers[] = "kEECDH+HIGH:kEDH+HIGH:HIGH:!aNULL";
 
+	SSL_CTX *ssl_server_ctx_new;
+	SSL_CTX *ssl_client_ctx_new;
+
 	#ifdef LRB_HAVE_TLS_SET_CURVES
 	const char librb_curves[] = "P-521:P-384:P-256";
 	#endif
@@ -391,65 +394,61 @@ rb_setup_ssl_server(const char *certfile, const char *keyfile, const char *dhfil
 	if(cipher_list == NULL)
 		cipher_list = librb_ciphers;
 
-	if (ssl_server_ctx)
-		SSL_CTX_free(ssl_server_ctx);
-
-	if (ssl_client_ctx)
-		SSL_CTX_free(ssl_client_ctx);
-
 	#ifdef LRB_HAVE_TLS_METHOD_API
-	ssl_server_ctx = SSL_CTX_new(TLS_server_method());
-	ssl_client_ctx = SSL_CTX_new(TLS_client_method());
+	ssl_server_ctx_new = SSL_CTX_new(TLS_server_method());
+	ssl_client_ctx_new = SSL_CTX_new(TLS_client_method());
 	#else
-	ssl_server_ctx = SSL_CTX_new(SSLv23_server_method());
-	ssl_client_ctx = SSL_CTX_new(SSLv23_client_method());
+	ssl_server_ctx_new = SSL_CTX_new(SSLv23_server_method());
+	ssl_client_ctx_new = SSL_CTX_new(SSLv23_client_method());
 	#endif
 
-	if(ssl_server_ctx == NULL)
+	if(ssl_server_ctx_new == NULL)
 	{
 		rb_lib_log("rb_init_openssl: Unable to initialize OpenSSL server context: %s",
 			   get_ssl_error(ERR_get_error()));
 		return 0;
 	}
 
-	if(ssl_client_ctx == NULL)
+	if(ssl_client_ctx_new == NULL)
 	{
 		rb_lib_log("rb_init_openssl: Unable to initialize OpenSSL client context: %s",
 			   get_ssl_error(ERR_get_error()));
+
+		SSL_CTX_free(ssl_server_ctx_new);
 		return 0;
 	}
 
 	#ifndef LRB_HAVE_TLS_METHOD_API
-	SSL_CTX_set_options(ssl_server_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
-	SSL_CTX_set_options(ssl_client_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+	SSL_CTX_set_options(ssl_server_ctx_new, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+	SSL_CTX_set_options(ssl_client_ctx_new, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
 	#endif
 
 	#ifdef SSL_OP_SINGLE_DH_USE
-	SSL_CTX_set_options(ssl_server_ctx, SSL_OP_SINGLE_DH_USE);
+	SSL_CTX_set_options(ssl_server_ctx_new, SSL_OP_SINGLE_DH_USE);
 	#endif
 
 	#ifdef SSL_OP_SINGLE_ECDH_USE
-	SSL_CTX_set_options(ssl_server_ctx, SSL_OP_SINGLE_ECDH_USE);
+	SSL_CTX_set_options(ssl_server_ctx_new, SSL_OP_SINGLE_ECDH_USE);
 	#endif
 
 	#ifdef SSL_OP_NO_TICKET
-	SSL_CTX_set_options(ssl_server_ctx, SSL_OP_NO_TICKET);
-	SSL_CTX_set_options(ssl_client_ctx, SSL_OP_NO_TICKET);
+	SSL_CTX_set_options(ssl_server_ctx_new, SSL_OP_NO_TICKET);
+	SSL_CTX_set_options(ssl_client_ctx_new, SSL_OP_NO_TICKET);
 	#endif
 
 	#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE
-	SSL_CTX_set_options(ssl_server_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
+	SSL_CTX_set_options(ssl_server_ctx_new, SSL_OP_CIPHER_SERVER_PREFERENCE);
 	#endif
 
-	SSL_CTX_set_verify(ssl_server_ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, verify_accept_all_cb);
-	SSL_CTX_set_session_cache_mode(ssl_server_ctx, SSL_SESS_CACHE_OFF);
+	SSL_CTX_set_verify(ssl_server_ctx_new, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, verify_accept_all_cb);
+	SSL_CTX_set_session_cache_mode(ssl_server_ctx_new, SSL_SESS_CACHE_OFF);
 
 	#ifdef LRB_HAVE_TLS_SET_CURVES
-	SSL_CTX_set1_curves_list(ssl_server_ctx, librb_curves);
+	SSL_CTX_set1_curves_list(ssl_server_ctx_new, librb_curves);
 	#endif
 
 	#ifdef LRB_HAVE_TLS_ECDH_AUTO
-	SSL_CTX_set_ecdh_auto(ssl_server_ctx, 1);
+	SSL_CTX_set_ecdh_auto(ssl_server_ctx_new, 1);
 	#endif
 
 	/*
@@ -458,25 +457,31 @@ rb_setup_ssl_server(const char *certfile, const char *keyfile, const char *dhfil
 	#if (OPENSSL_VERSION_NUMBER >= 0x10000000L) && (OPENSSL_VERSION_NUMBER < 0x10002000L) && !defined(OPENSSL_NO_ECDH)
 	EC_KEY *key = EC_KEY_new_by_curve_name(NID_secp384r1);
 	if (key) {
-		SSL_CTX_set_tmp_ecdh(ssl_server_ctx, key);
+		SSL_CTX_set_tmp_ecdh(ssl_server_ctx_new, key);
 		EC_KEY_free(key);
 	}
 	#endif
 
-	SSL_CTX_set_cipher_list(ssl_server_ctx, cipher_list);
-	SSL_CTX_set_cipher_list(ssl_client_ctx, cipher_list);
+	SSL_CTX_set_cipher_list(ssl_server_ctx_new, cipher_list);
+	SSL_CTX_set_cipher_list(ssl_client_ctx_new, cipher_list);
 
-	if(!SSL_CTX_use_certificate_chain_file(ssl_server_ctx, certfile) || !SSL_CTX_use_certificate_chain_file(ssl_client_ctx, certfile))
+	if(!SSL_CTX_use_certificate_chain_file(ssl_server_ctx_new, certfile) || !SSL_CTX_use_certificate_chain_file(ssl_client_ctx_new, certfile))
 	{
 		rb_lib_log("rb_setup_ssl_server: Error loading certificate file [%s]: %s", certfile,
 			   get_ssl_error(ERR_get_error()));
+
+		SSL_CTX_free(ssl_server_ctx_new);
+		SSL_CTX_free(ssl_client_ctx_new);
 		return 0;
 	}
 
-	if(!SSL_CTX_use_PrivateKey_file(ssl_server_ctx, keyfile, SSL_FILETYPE_PEM) || !SSL_CTX_use_PrivateKey_file(ssl_client_ctx, keyfile, SSL_FILETYPE_PEM))
+	if(!SSL_CTX_use_PrivateKey_file(ssl_server_ctx_new, keyfile, SSL_FILETYPE_PEM) || !SSL_CTX_use_PrivateKey_file(ssl_client_ctx_new, keyfile, SSL_FILETYPE_PEM))
 	{
 		rb_lib_log("rb_setup_ssl_server: Error loading keyfile [%s]: %s", keyfile,
 			   get_ssl_error(ERR_get_error()));
+
+		SSL_CTX_free(ssl_server_ctx_new);
+		SSL_CTX_free(ssl_client_ctx_new);
 		return 0;
 	}
 
@@ -499,12 +504,21 @@ rb_setup_ssl_server(const char *certfile, const char *keyfile, const char *dhfil
 		}
 		else
 		{
-			SSL_CTX_set_tmp_dh(ssl_server_ctx, dh);
+			SSL_CTX_set_tmp_dh(ssl_server_ctx_new, dh);
 			DH_free(dh);
 			fclose(fp);
 		}
 	}
 
+	if (ssl_server_ctx)
+		SSL_CTX_free(ssl_server_ctx);
+
+	if (ssl_client_ctx)
+		SSL_CTX_free(ssl_client_ctx);
+
+	ssl_server_ctx = ssl_server_ctx_new;
+	ssl_client_ctx = ssl_client_ctx_new;
+
 	return 1;
 }