diff --git a/lib/misc/peer-limits.c b/lib/misc/peer-limits.c
index 1f3a71561..2f40c2ed0 100644
--- a/lib/misc/peer-limits.c
+++ b/lib/misc/peer-limits.c
@@ -91,6 +91,9 @@ lws_get_or_create_peer(struct lws_vhost *vhost, lws_sockfd_type sockfd)
 	for (n = 0; n < (int)rlen; n++)
 		hash = (uint32_t)((((hash << 4) | (hash >> 28)) * (uint32_t)n) ^ q8[n]);
 
+	if (!context->pl_hash_elements)
+		return NULL;
+
 	hash = hash % context->pl_hash_elements;
 
 	lws_context_lock(context, "peer search"); /* <======================= */
diff --git a/lib/roles/http/header.c b/lib/roles/http/header.c
index 72d3d6693..796c5cae2 100644
--- a/lib/roles/http/header.c
+++ b/lib/roles/http/header.c
@@ -180,7 +180,7 @@ lws_add_http_common_headers(struct lws *wsi, unsigned int code,
 		return 1;
 
 #if defined(LWS_WITH_HTTP_STREAM_COMPRESSION)
-	if (!wsi->http.lcs &&
+	if (!wsi->http.lcs && content_type &&
 	    (!strncmp(content_type, "text/", 5) ||
 	     !strcmp(content_type, "application/javascript") ||
 	     !strcmp(content_type, "image/svg+xml")))
diff --git a/lib/secure-streams/protocols/ss-h1.c b/lib/secure-streams/protocols/ss-h1.c
index 1e39b24c2..77c8971e3 100644
--- a/lib/secure-streams/protocols/ss-h1.c
+++ b/lib/secure-streams/protocols/ss-h1.c
@@ -466,10 +466,13 @@ secstream_h1(struct lws *wsi, enum lws_callback_reasons reason, void *user,
 			break;
 		} else
 			h->seqstate = SSSEQ_IDLE;
-		/* already disconnected, no action for DISCONNECT_ME */
-		r = lws_ss_event_helper(h, LWSSSCS_DISCONNECTED);
-		if (r != LWSSSSRET_OK)
-			return _lws_ss_handle_state_ret_CAN_DESTROY_HANDLE(r, wsi, &h);
+
+		if (h->ss_dangling_connected) {
+			/* already disconnected, no action for DISCONNECT_ME */
+			r = lws_ss_event_helper(h, LWSSSCS_DISCONNECTED);
+			if (r != LWSSSSRET_OK)
+				return _lws_ss_handle_state_ret_CAN_DESTROY_HANDLE(r, wsi, &h);
+		}
 		break;
 
 
@@ -969,6 +972,12 @@ malformed:
 			}
 		}
 
+		if (!h->ss_dangling_connected) {
+			r = lws_ss_event_helper(h, LWSSSCS_CONNECTED);
+			if (r)
+				return _lws_ss_handle_state_ret_CAN_DESTROY_HANDLE(r, wsi, &h);
+		}
+
 		r = lws_ss_event_helper(h, LWSSSCS_SERVER_TXN);
 		if (r)
 			return _lws_ss_handle_state_ret_CAN_DESTROY_HANDLE(r, wsi, &h);
diff --git a/lib/secure-streams/secure-streams.c b/lib/secure-streams/secure-streams.c
index bec3a8bab..e8d804ac9 100644
--- a/lib/secure-streams/secure-streams.c
+++ b/lib/secure-streams/secure-streams.c
@@ -109,6 +109,7 @@ static const uint32_t ss_state_txn_validity[] = {
 					  (1 << LWSSSCS_DESTROYING),
 
 	[LWSSSCS_CONNECTED]		= (1 << LWSSSCS_SERVER_UPGRADE) |
+					  (1 << LWSSSCS_SERVER_TXN) |
 					  (1 << LWSSSCS_AUTH_FAILED) |
 					  (1 << LWSSSCS_QOS_ACK_REMOTE) |
 					  (1 << LWSSSCS_QOS_NACK_REMOTE) |
@@ -886,7 +887,7 @@ lws_ss_create(struct lws_context *context, int tsi, const lws_ss_info_t *ssi,
 		i.vhost_name	= h->policy->streamtype;
 		i.port		= h->policy->port;
 
-		if (i.iface[0] == '+') {
+		if (i.iface && i.iface[0] == '+') {
 			i.iface++;
 			i.options |= LWS_SERVER_OPTION_UNIX_SOCK;
 		}