diff --git a/src/cfgparse.c b/src/cfgparse.c
index 97adb9f2f..2f75c1660 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -84,11 +84,6 @@
 #include <proto/task.h>
 #include <proto/tcp_rules.h>
 
-#ifdef USE_OPENSSL
-#include <types/ssl_sock.h>
-#include <proto/ssl_sock.h>
-#include <proto/shctx.h>
-#endif /*USE_OPENSSL */
 
 /* This is the SSLv3 CLIENT HELLO packet used in conjunction with the
  * ssl-hello-chk option to ensure that the remote server speaks SSL.
@@ -8286,10 +8281,11 @@ out_uri_auth_compat:
 				newsrv->minconn = newsrv->maxconn;
 			}
 
-#ifdef USE_OPENSSL
-			if (newsrv->use_ssl || newsrv->check.use_ssl)
-				cfgerr += ssl_sock_prepare_srv_ctx(newsrv);
-#endif /* USE_OPENSSL */
+			/* this will also properly set the transport layer for prod and checks */
+			if (newsrv->use_ssl || newsrv->check.use_ssl) {
+				if (xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->prepare_srv)
+					cfgerr += xprt_get(XPRT_SSL)->prepare_srv(newsrv);
+			}
 
 			/* set the check type on the server */
 			newsrv->check.type = curproxy->options2 & PR_O2_CHK_ANY;
diff --git a/src/haproxy.c b/src/haproxy.c
index adffda924..611371ca2 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -1446,10 +1446,11 @@ static void deinit(void)
 			free(s->agent.bo);
 			free(s->agent.send_string);
 			free((char*)s->conf.file);
-#ifdef USE_OPENSSL
-			if (s->use_ssl || s->check.use_ssl)
-				ssl_sock_free_srv_ctx(s);
-#endif
+
+			if (s->use_ssl || s->check.use_ssl) {
+				if (xprt_get(XPRT_SSL) && xprt_get(XPRT_SSL)->destroy_srv)
+					xprt_get(XPRT_SSL)->destroy_srv(s);
+			}
 			free(s);
 			s = s_next;
 		}/* end while(s) */
diff --git a/src/hlua.c b/src/hlua.c
index 0ed8ec99f..c343a7b39 100644
--- a/src/hlua.c
+++ b/src/hlua.c
@@ -48,7 +48,6 @@
 #include <proto/server.h>
 #include <proto/session.h>
 #include <proto/stream.h>
-#include <proto/ssl_sock.h>
 #include <proto/stream_interface.h>
 #include <proto/task.h>
 #include <proto/tcp_rules.h>
@@ -7697,7 +7696,8 @@ void hlua_init(void)
 	}
 
 	/* Initialize SSL server. */
-	ssl_sock_prepare_srv_ctx(&socket_ssl);
+	if (socket_ssl.xprt->prepare_srv)
+		socket_ssl.xprt->prepare_srv(&socket_ssl);
 #endif
 
 	RESET_SAFE_LJMP(gL.T);
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index f5d4920a9..b39f3264e 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -6660,6 +6660,8 @@ static struct xprt_ops ssl_sock = {
 	.init     = ssl_sock_init,
 	.prepare_bind_conf = ssl_sock_prepare_bind_conf,
 	.destroy_bind_conf = ssl_sock_destroy_bind_conf,
+	.prepare_srv = ssl_sock_prepare_srv_ctx,
+	.destroy_srv = ssl_sock_free_srv_ctx,
 	.name     = "SSL",
 };