diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 082b798fc5..42fb389043 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -2397,6 +2397,8 @@ static void sip_tcptls_client_args_destructor(void *obj)
 ast_free(args->tls_cfg->cipher);
 ast_free(args->tls_cfg->cafile);
 ast_free(args->tls_cfg->capath);
+
+ ast_ssl_teardown(args->tls_cfg);
 }
 ast_free(args->tls_cfg);
 ast_free((char *) args->name);
diff --git a/include/asterisk/astobj2.h b/include/asterisk/astobj2.h
index b19f828f27..77129c7784 100644
--- a/include/asterisk/astobj2.h
+++ b/include/asterisk/astobj2.h
@@ -462,7 +462,7 @@ void *__ao2_alloc(const size_t data_size, ao2_destructor_fn destructor_fn);
 #endif
-int __ao2_ref_debug(void *o, int delta, char *tag, char *file, int line, const char *funcname);
+int __ao2_ref_debug(void *o, int delta, const char *tag, const char *file, int line, const char *funcname);
 int __ao2_ref(void *o, int delta);
 /*! @} */
diff --git a/main/astobj2.c b/main/astobj2.c
index 5da94679c4..59322d261f 100644
--- a/main/astobj2.c
+++ b/main/astobj2.c
@@ -207,7 +207,7 @@ void *ao2_object_get_lockaddr(void *obj)
 */
-int __ao2_ref_debug(void *user_data, const int delta, char *tag, char *file, int line, const char *funcname)
+int __ao2_ref_debug(void *user_data, const int delta, const char *tag, const char *file, int line, const char *funcname)
 {
 struct astobj2 *obj = INTERNAL_OBJ(user_data);
diff --git a/main/ssl.c b/main/ssl.c
index ff202816ef..ef824754e8 100644
--- a/main/ssl.c
+++ b/main/ssl.c
@@ -81,9 +81,7 @@ int ast_ssl_init(void)
 SSL_library_init();
 SSL_load_error_strings();
- ERR_load_crypto_strings();
 ERR_load_BIO_strings();
- OpenSSL_add_all_algorithms();
 /* Make OpenSSL thread-safe. */
diff --git a/main/tcptls.c b/main/tcptls.c
index a18f1a8958..286985d27a 100644
--- a/main/tcptls.c
+++ b/main/tcptls.c
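Review bot: In channels/chan_sip.c, sip_tcptls_client_args_destructor calls `ast_ssl_teardown(args->tls_cfg)` only after cipher, cafile and capath have been freed, so the config is handed to teardown while those members still hold dangling pointers. The body of ast_ssl_teardown is not part of this diff; if it touches only the TLS context this is harmless today, but the ordering is fragile. I would move the call above the `ast_free(args->tls_cfg->…)` lines and add a comment such as `/* release the TLS context owned by this config before freeing its fields */`. The destructor starts and ends outside the hunk.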
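Review bot: In main/ssl.c, dropping `OpenSSL_add_all_algorithms()` from ast_ssl_init() narrows what gets registered, because `SSL_library_init()` adds only the ciphers and digests that TLS itself uses. On OpenSSL releases before 1.1.0, code that looks up an algorithm by name, or loads a private key encrypted with a cipher outside that set, depends on the wider table; no such caller is visible in this diff, so it needs checking against the rest of the tree. Removing `ERR_load_crypto_strings()` looks safe, since `SSL_load_error_strings()` loads the libcrypto strings as well. If the narrower registration is intended, record it next to the init calls, e.g. `/* SSL_library_init() registers the TLS algorithms only; nothing else needs the full EVP table */`. ast_ssl_init() continues past the end of the hunk.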
@@ -82,6 +82,7 @@ static int ssl_close(void *cookie)
 {
 int cookie_fd = SSL_get_fd(cookie);
 int ret;
+
 if (cookie_fd > -1) {
 /*
 * According to the TLS standard, it is acceptable for an application to only send its shutdown
@@ -91,6 +92,12 @@ static int ssl_close(void *cookie)
 if ((ret = SSL_shutdown(cookie)) < 0) {
 ast_log(LOG_ERROR, "SSL_shutdown() failed: %d\n", SSL_get_error(cookie, ret));
 }
+
+ if (!((SSL*)cookie)->server) {
+ /* For client threads, ensure that the error stack is cleared */
+ ERR_remove_state(0);
+ }
+
 SSL_free(cookie);
 /* adding shutdown(2) here has no added benefit */
 if (close(cookie_fd)) {
@@ -313,9 +320,6 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
 if (!cfg->enabled) return 0;
- SSL_load_error_strings();
- SSLeay_add_ssl_algorithms();
-
 /* Get rid of an old SSL_CTX since we're about to * allocate a new one */
@@ -357,7 +361,6 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
 if (!client) {
 /* Clients don't need a certificate, but if its setup we can use it */
 ast_verb(0, "SSL error loading cert file. <%s>", cfg->certfile);
- sleep(2);
 cfg->enabled = 0;
 SSL_CTX_free(cfg->ssl_ctx);
 cfg->ssl_ctx = NULL;
@@ -368,7 +371,6 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
 if (!client) {
 /* Clients don't need a private key, but if its setup we can use it */
 ast_verb(0, "SSL error loading private key file. <%s>", tmpprivate);
- sleep(2);
 cfg->enabled = 0;
 SSL_CTX_free(cfg->ssl_ctx);
 cfg->ssl_ctx = NULL;
@@ -380,7 +382,6 @@ static int __ssl_setup(struct ast_tls_config *cfg, int client)
 if (SSL_CTX_set_cipher_list(cfg->ssl_ctx, cfg->cipher) == 0 ) {
 if (!client) {
 ast_verb(0, "SSL cipher error <%s>", cfg->cipher);
- sleep(2);
 cfg->enabled = 0;
 SSL_CTX_free(cfg->ssl_ctx);
 cfg->ssl_ctx = NULL;
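Review bot: The new check in ssl_close() reads `((SSL*)cookie)->server` directly, which ties the code to the private layout of the SSL struct and stops compiling once the library makes that type opaque (OpenSSL 1.1.0 and later). Where the build's OpenSSL provides it, `if (!SSL_is_server(cookie)) {` asks the same question through the public API. `ERR_remove_state(0);` is likewise the deprecated form, with `ERR_remove_thread_state(NULL);` as its replacement from 1.0.0 on. The call clears the error queue of whichever thread runs ssl_close(), presumably the client thread although that is not shown here, so the comment should say which thread is expected. ssl_close() begins before this hunk and continues after it.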
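Review bot: With `SSL_load_error_strings()` and `SSLeay_add_ssl_algorithms()` removed from __ssl_setup(), the function silently depends on library initialisation having run earlier, and nothing at this spot records that. If the function were ever reached before that initialisation, context creation would presumably fail for lack of registered ciphers, and the error text would not be loaded. A one-line comment at the top of the function would make the dependency explicit: `/* OpenSSL is initialised once in ast_ssl_init(); do not re-register algorithms here */`. __ssl_setup() starts and ends outside the hunk.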