diff --git a/lib/server.c b/lib/server.c
index 91c37c18..d1ff1e9f 100644
--- a/lib/server.c
+++ b/lib/server.c
@@ -1729,7 +1729,9 @@ lws_http_transaction_completed(struct lws *wsi)
 			 */
 
 			if (wsi->vhost->use_ssl &&
-			    wsi->context->simultaneous_ssl == wsi->context->simultaneous_ssl_restriction) {
+			    wsi->context->simultaneous_ssl_restriction &&
+			    wsi->context->simultaneous_ssl ==
+				   wsi->context->simultaneous_ssl_restriction) {
 				lwsl_info("%s: simultaneous_ssl_restriction and nothing pipelined\n", __func__);
 				return 1;
 			}
@@ -2240,7 +2242,9 @@ try_pollout:
 			 */
 
 			if (wsi->vhost->use_ssl &&
-			    context->simultaneous_ssl == context->simultaneous_ssl_restriction)
+			    context->simultaneous_ssl_restriction &&
+			    context->simultaneous_ssl ==
+					  context->simultaneous_ssl_restriction)
 				/* no... ignore it, he won't come again until we are
 				 * below the simultaneous_ssl_restriction limit and
 				 * POLLIN is enabled on him again
diff --git a/lib/ssl.c b/lib/ssl.c
index 03e6d768..11aa14f4 100644
--- a/lib/ssl.c
+++ b/lib/ssl.c
@@ -477,7 +477,9 @@ lws_ssl_close(struct lws *wsi)
 	SSL_free(wsi->ssl);
 	wsi->ssl = NULL;
 
-	if (wsi->context->simultaneous_ssl-- == wsi->context->simultaneous_ssl_restriction)
+	if (wsi->context->simultaneous_ssl_restriction &&
+	    wsi->context->simultaneous_ssl-- ==
+			    wsi->context->simultaneous_ssl_restriction)
 		/* we made space and can do an accept */
 		lws_gate_accepts(wsi->context, 1);
 
@@ -507,7 +509,8 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd)
 			lwsl_err("%s: leaking ssl\n", __func__);
 		if (accept_fd == LWS_SOCK_INVALID)
 			assert(0);
-		if (context->simultaneous_ssl >= context->simultaneous_ssl_restriction) {
+		if (context->simultaneous_ssl_restriction &&
+		    context->simultaneous_ssl >= context->simultaneous_ssl_restriction) {
 			lwsl_notice("unable to deal with SSL connection\n");
 			return 1;
 		}
@@ -522,7 +525,8 @@ lws_server_socket_service_ssl(struct lws *wsi, lws_sockfd_type accept_fd)
 				compatible_close(accept_fd);
 			goto fail;
 		}
-		if (++context->simultaneous_ssl == context->simultaneous_ssl_restriction)
+		if (context->simultaneous_ssl_restriction &&
+		    ++context->simultaneous_ssl == context->simultaneous_ssl_restriction)
 			/* that was the last allowed SSL connection */
 			lws_gate_accepts(context, 0);