diff --git a/lib/misc/lejp.c b/lib/misc/lejp.c
index 893f0b28c..cbce4ee4f 100644
--- a/lib/misc/lejp.c
+++ b/lib/misc/lejp.c
@@ -107,7 +107,7 @@ void
 lejp_destruct(struct lejp_ctx *ctx)
 {
 	/* no allocations... just let callback know what it happening */
-	if (ctx->pst[0].callback)
+	if (ctx && ctx->pst[0].callback)
 		ctx->pst[0].callback(ctx, LEJPCB_DESTRUCTED);
 }
 
diff --git a/lib/secure-streams/policy-common.c b/lib/secure-streams/policy-common.c
index b748a77c1..8399df154 100644
--- a/lib/secure-streams/policy-common.c
+++ b/lib/secure-streams/policy-common.c
@@ -420,6 +420,9 @@ lws_ss_policy_set(struct lws_context *context, const char *name)
 	 * policy that's laid out in args->ac
 	 */
 
+	if (!args)
+		return 1;
+
 	lejp_destruct(&args->jctx);
 
 	if (context->ac_policy) {
diff --git a/lib/secure-streams/policy-json.c b/lib/secure-streams/policy-json.c
index 647707678..c49879e1e 100644
--- a/lib/secure-streams/policy-json.c
+++ b/lib/secure-streams/policy-json.c
@@ -1152,10 +1152,16 @@ lws_ss_policy_parse_abandon(struct lws_context *context)
 		 * Free all the client DER buffers now they have been parsed
 		 * into tls library X.509 objects
 		 */
-		if (!x->keep) { /* used for server */
-			lws_free((void *)x->ca_der);
-			x->ca_der = NULL;
-		}
+		lws_free((void *)x->ca_der);
+		x->ca_der = NULL;
+
+		x = x->next;
+	}
+
+	x = context->server_der_list;
+	while (x) {
+		lws_free((void *)x->ca_der);
+		x->ca_der = NULL;
 
 		x = x->next;
 	}
@@ -1164,6 +1170,8 @@ lws_ss_policy_parse_abandon(struct lws_context *context)
 	lwsac_free(&args->ac);
 	lws_free_set_NULL(context->pol_args);
 
+	context->server_der_list = NULL;
+
 	return 0;
 }
 
diff --git a/lib/secure-streams/protocols/ss-h1.c b/lib/secure-streams/protocols/ss-h1.c
index 0877c5a8f..73cc25629 100644
--- a/lib/secure-streams/protocols/ss-h1.c
+++ b/lib/secure-streams/protocols/ss-h1.c
@@ -1052,7 +1052,7 @@ malformed:
 		if (!h)
 			return -1;
 
-		lwsl_notice("%s: LWS_CALLBACK_HTTP\n", __func__);
+		lwsl_info("%s: LWS_CALLBACK_HTTP\n", __func__);
 		{
 
 			h->txn_resp_set = 0;
@@ -1113,7 +1113,9 @@ malformed:
 
 		r = lws_ss_event_helper(h, LWSSSCS_SERVER_TXN);
 		if (r)
-			return _lws_ss_handle_state_ret_CAN_DESTROY_HANDLE(r, wsi, &h);
+			return _lws_ss_handle_state_ret_CAN_DESTROY_HANDLE(r,
+								wsi, &h);
+
 		return 0;
 #endif
 
diff --git a/lib/secure-streams/secure-streams.c b/lib/secure-streams/secure-streams.c
index f87d22e86..8e398d24c 100644
--- a/lib/secure-streams/secure-streams.c
+++ b/lib/secure-streams/secure-streams.c
@@ -293,6 +293,7 @@ lws_ss_check_next_state(lws_lifecycle_t *lc, uint8_t *prevstate,
 {
 	if (cs >= LWSSSCS_USER_BASE ||
 	    cs == LWSSSCS_EVENT_WAIT_CANCELLED ||
+	    cs == LWSSSCS_SERVER_TXN ||
 	    cs == LWSSSCS_UPSTREAM_LINK_RETRY)
 		/*
 		 * we can't judge user or transient states, leave the old state