diff --git a/doc/configuration.txt b/doc/configuration.txt
index 632268f94..754e4395c 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -9083,6 +9083,7 @@ no option abortonclose
 likely that some users will give up, and it's pointless to waste CPU cycles on their handshakes. Given the CPU cost of TLS handshakes, it is recommended to leave this option enabled on internet-facing frontends.
+ This is the default for incoming TLS connections.
 - when present in a backend, it will cause half-closed connections to try to abort a request that was not yet sent to a server (i.e. when it's
@@ -9096,7 +9097,10 @@ no option abortonclose
 and HTTP services, and to disable it for pure TCP ones as well as unexposed legacy environments. It is enabled by default in HTTP backends, and may be forcefully disabled by prepending the "no" keyword before it, either in the
- backend section itself, or in the "defaults" section it inherits from.
+ backend section itself, or in the "defaults" section it inherits from. It is also enabled by default for TLS listeners and may be forcefully disabled as well by specifying "no option abortonclose" in the frontend or in the "defaults" section it inherits from.
 If this option has been enabled in a "defaults" section, it can be disabled in a specific instance by prepending the "no" keyword before it.
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 6fa65952f..d997775cc 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -385,7 +385,7 @@ static int ha_ssl_read(BIO *h, char *buf, int size)
 if (ctx->conn->flags & CO_FL_SSL_WAIT_HS &&
 !conn_is_back(ctx->conn) &&
- proxy_abrt_close(((struct session *)ctx->conn->owner)->fe))
+ proxy_abrt_close_def(((struct session *)ctx->conn->owner)->fe, 1))
 detect_shutr = 1;
 else
 detect_shutr = 0;
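Review bot: The bare `1` passed to `proxy_abrt_close_def()` on the added line is a magic value; what it means (abortonclose defaults to on for this TLS-frontend handshake path unless the frontend or its defaults section explicitly says `no option abortonclose`) is only stated in the configuration.txt hunk, not next to the code that relies on it. A one-line comment above the `if` would keep the two in sync, e.g. `/* abortonclose defaults to ON on TLS frontends: detect a client hang-up during the handshake so the handshake can be aborted instead of burning CPU on it */`, or a named constant if the helper's second argument is used elsewhere with other values. The check is only reached while CO_FL_SSL_WAIT_HS is set on a front connection, so this default governs handshake-time shutdown detection only, not the backend half-closed behaviour the same option name covers — worth saying in the comment so nobody expects the call to alter the non-TLS path. `proxy_abrt_close_def()` is not visible in this diff, so whether an explicit `no option abortonclose` really overrides the `1` is inferred from the doc hunk and should be confirmed against its definition. ha_ssl_read() starts and ends outside the hunk.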