diff --git a/src/server.c b/src/server.c
index b69d1d1d0..5819b754b 100644
--- a/src/server.c
+++ b/src/server.c
@@ -1298,6 +1298,8 @@ int parse_server(const char *file, int linenum, char **args, struct proxy *curpr
 #if defined(USE_OPENSSL)
 /* SSL config. */
 newsrv->ssl_ctx.verify = curproxy->defsrv.ssl_ctx.verify;
+ if (curproxy->defsrv.ssl_ctx.verify_host != NULL)
+ newsrv->ssl_ctx.verify_host = strdup(curproxy->defsrv.ssl_ctx.verify_host);
 #endif
 cur_arg = 3;
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 5285e244c..34860fe4e 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -6792,6 +6792,7 @@ static int srv_parse_verifyhost(char **args, int *cur_arg, struct proxy *px, str
 return ERR_ALERT | ERR_FATAL;
 }
+ free(newsrv->ssl_ctx.verify_host);
 newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);
 return 0;
@@ -7518,7 +7519,7 @@ static struct srv_kw_list srv_kws = { "SSL", { }, {
 { "tlsv12", srv_parse_tlsv12, 0, 1 }, /* enable TLSv12 */
 { "tls-tickets", srv_parse_tls_tickets, 0, 1 }, /* enable session resumption tickets */
 { "verify", srv_parse_verify, 1, 1 }, /* set SSL verify method */
- { "verifyhost", srv_parse_verifyhost, 1, 0 }, /* require that SSL cert verifies for hostname */
+ { "verifyhost", srv_parse_verifyhost, 1, 1 }, /* require that SSL cert verifies for hostname */
 { NULL, NULL, 0, 0 },
 }};
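Review bot: The `strdup()` added in the `parse_server` hunk of src/server.c is not checked, so if the allocation fails the new server is left with `verify_host == NULL` even though the default-server asked for a hostname check. Presumably a NULL `verify_host` means the peer certificate is not matched against that name, in which case the failure would weaken verification silently instead of stopping config parsing. I would test the result right after the copy, e.g. `if (!newsrv->ssl_ctx.verify_host) { /* report out of memory and stop parsing */ }`, using whatever error path parse_server already has outside this hunk. The context line `newsrv->ssl_ctx.verify_host = strdup(args[*cur_arg + 1]);` in the `srv_parse_verifyhost` hunk of src/ssl_sock.c has the same unchecked result, and after the new `free()` a failed copy there also discards the inherited value.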
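Review bot: The `free()` added in `srv_parse_verifyhost` (src/ssl_sock.c) carries no comment explaining why the field can already be set when the keyword is parsed. Going by the src/server.c hunk, the server may hold a copy inherited from the default-server, and the table change in the last hunk appears to allow the keyword on `default-server` lines as well. I would add `/* drop any value inherited from default-server or set by an earlier verifyhost */` above the `free()` so the ownership rule is visible to the next reader. The function starts outside the hunk.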