diff --git a/lib/libwebsockets.c b/lib/libwebsockets.c
index 41918d0b..3393f70e 100644
--- a/lib/libwebsockets.c
+++ b/lib/libwebsockets.c
@@ -751,6 +751,7 @@ just_kill_connection:
 		/* libuv: no event available to guarantee completion */
 		if (!wsi->socket_is_permanently_unusable &&
 		    lws_sockfd_valid(wsi->desc.sockfd) &&
+		    wsi->state != ((wsi->state & ~0x1f) | LWSS_SHUTDOWN) &&
 		    !LWS_LIBUV_ENABLED(context)) {
 			lws_change_pollfd(wsi, LWS_POLLOUT, LWS_POLLIN);
 			wsi->state = (wsi->state & ~0x1f) | LWSS_SHUTDOWN;
diff --git a/lib/server/ssl-server.c b/lib/server/ssl-server.c
index 0a83941e..5a133814 100644
--- a/lib/server/ssl-server.c
+++ b/lib/server/ssl-server.c
@@ -218,14 +218,16 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd)
 				if (lws_check_opt(context->options,
 				    LWS_SERVER_OPTION_REDIRECT_HTTP_TO_HTTPS))
 					wsi->redirect_to_https = 1;
+				lwsl_debug("accepted as non-ssl\n");
 				goto accepted;
 			}
-			if (!n) /*
-				 * connection is gone, or nothing to read
-				 * if it's gone, we will timeout on
-				 * PENDING_TIMEOUT_SSL_ACCEPT
+			if (!n) {
+				/*
+				 * connection is gone, fail out
 				 */
-				break;
+				lwsl_debug("PEEKed 0\n");
+				goto fail;
+			}
 			if (n < 0 && (LWS_ERRNO == LWS_EAGAIN ||
 				      LWS_ERRNO == LWS_EWOULDBLOCK)) {
 				/*