diff --git a/src/cfgparse.c b/src/cfgparse.c
index f1f0f9ba0..6d446ad3f 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -8801,31 +8801,8 @@ out_uri_auth_compat:
 
 		/* Release unused SSL configs */
 		list_for_each_entry(bind_conf, &curproxy->conf.bind, by_fe) {
-			if (bind_conf->is_ssl)
-				continue;
-#ifdef USE_OPENSSL
-			ssl_sock_free_ca(bind_conf);
-			ssl_sock_free_all_ctx(bind_conf);
-			free(bind_conf->ca_file);
-			free(bind_conf->ca_sign_file);
-			free(bind_conf->ca_sign_pass);
-			free(bind_conf->ciphers);
-			free(bind_conf->ecdhe);
-			free(bind_conf->crl_file);
-			if(bind_conf->keys_ref) {
-				free(bind_conf->keys_ref->filename);
-				free(bind_conf->keys_ref->tlskeys);
-				LIST_DEL(&bind_conf->keys_ref->list);
-				free(bind_conf->keys_ref);
-			}
-			bind_conf->keys_ref = NULL;
-			bind_conf->crl_file = NULL;
-			bind_conf->ecdhe = NULL;
-			bind_conf->ciphers = NULL;
-			bind_conf->ca_sign_pass = NULL;
-			bind_conf->ca_sign_file = NULL;
-			bind_conf->ca_file = NULL;
-#endif /* USE_OPENSSL */
+			if (!bind_conf->is_ssl && bind_conf->xprt->destroy_bind_conf)
+				bind_conf->xprt->destroy_bind_conf(bind_conf);
 		}
 
 		if (my_popcountl(curproxy->bind_proc & nbits(global.nbproc)) > 1) {
diff --git a/src/haproxy.c b/src/haproxy.c
index ef846fe4e..adffda924 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -1466,16 +1466,8 @@ static void deinit(void)
 
 		/* Release unused SSL configs. */
 		list_for_each_entry_safe(bind_conf, bind_back, &p->conf.bind, by_fe) {
-#ifdef USE_OPENSSL
-			ssl_sock_free_ca(bind_conf);
-			ssl_sock_free_all_ctx(bind_conf);
-			free(bind_conf->ca_file);
-			free(bind_conf->ca_sign_file);
-			free(bind_conf->ca_sign_pass);
-			free(bind_conf->ciphers);
-			free(bind_conf->ecdhe);
-			free(bind_conf->crl_file);
-#endif /* USE_OPENSSL */
+			if (bind_conf->xprt->destroy_bind_conf)
+				bind_conf->xprt->destroy_bind_conf(bind_conf);
 			free(bind_conf->file);
 			free(bind_conf->arg);
 			LIST_DEL(&bind_conf->by_fe);
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 490003f40..ae821e007 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -3308,6 +3308,32 @@ void ssl_sock_free_all_ctx(struct bind_conf *bind_conf)
 	bind_conf->default_ctx = NULL;
 }
 
+/* Destroys all the contexts for a bind_conf. This is used during deinit(). */
+void ssl_sock_destroy_bind_conf(struct bind_conf *bind_conf)
+{
+	ssl_sock_free_ca(bind_conf);
+	ssl_sock_free_all_ctx(bind_conf);
+	free(bind_conf->ca_file);
+	free(bind_conf->ca_sign_file);
+	free(bind_conf->ca_sign_pass);
+	free(bind_conf->ciphers);
+	free(bind_conf->ecdhe);
+	free(bind_conf->crl_file);
+	if (bind_conf->keys_ref) {
+		free(bind_conf->keys_ref->filename);
+		free(bind_conf->keys_ref->tlskeys);
+		LIST_DEL(&bind_conf->keys_ref->list);
+		free(bind_conf->keys_ref);
+	}
+	bind_conf->keys_ref = NULL;
+	bind_conf->crl_file = NULL;
+	bind_conf->ecdhe = NULL;
+	bind_conf->ciphers = NULL;
+	bind_conf->ca_sign_pass = NULL;
+	bind_conf->ca_sign_file = NULL;
+	bind_conf->ca_file = NULL;
+}
+
 /* Load CA cert file and private key used to generate certificates */
 int
 ssl_sock_load_ca(struct bind_conf *bind_conf)
@@ -6632,6 +6658,7 @@ struct xprt_ops ssl_sock = {
 	.close    = ssl_sock_close,
 	.init     = ssl_sock_init,
 	.prepare_bind_conf = ssl_sock_prepare_bind_conf,
+	.destroy_bind_conf = ssl_sock_destroy_bind_conf,
 	.name     = "SSL",
 };