diff --git a/base/network.c b/base/network.c
index b44b8a2..766c169 100644
--- a/base/network.c
+++ b/base/network.c
@@ -86,17 +86,22 @@ int network_handler_create(mod,handlerp)
 _status=0;
 abort:
 if(_status){
- network_handler_destroy(&handler);
+ network_handler_destroy(mod, &handler);
 }
 return(_status);
 }
-int network_handler_destroy(handlerp)
+int network_handler_destroy(mod,handlerp)
+ proto_mod *mod;
 n_handler **handlerp;
 {
+ n_handler *handler=0;
 if(!handlerp || !*handlerp) return(0);
+ handler = *handlerp;
+
+ mod->vtbl->destroy_ctx(mod->handle,&handler->ctx);
 free(*handlerp);
 *handlerp=0;
 return(0);
diff --git a/base/network.h b/base/network.h
index 2a21635..65cbb1c 100644
--- a/base/network.h
+++ b/base/network.h
@@ -75,7 +75,7 @@ typedef struct packet_ packet;
 int network_handler_create PROTO_LIST((proto_mod *mod, n_handler **handlerp));
-int network_handler_destroy PROTO_LIST((n_handler **handlerp));
+int network_handler_destroy PROTO_LIST((proto_mod *mod,n_handler **handlerp));
 int network_process_packet PROTO_LIST((n_handler *handler, struct timeval *timestamp,UCHAR *data,int length));
 int packet_copy PROTO_LIST((packet *in,packet **out));
diff --git a/base/pcap-snoop.c b/base/pcap-snoop.c
index 8524366..bfa6161 100644
--- a/base/pcap-snoop.c
+++ b/base/pcap-snoop.c
@@ -141,6 +141,8 @@ void sig_handler(int sig)
 if(freed_conn && !(NET_print_flags & NET_PRINT_JSON)) printf("Cleaned %d remaining connection(s) from connection pool\n", freed_conn);
+ network_handler_destroy(mod, &n);
+
 if(p) pcap_close(p);
 if(interface_name)
@@ -496,6 +498,7 @@ int main(argc,argv)
 if(freed_conn && !(NET_print_flags & NET_PRINT_JSON)) printf("Cleaned %d remaining connection(s) from connection pool\n", freed_conn);
+ network_handler_destroy(mod, &n);
 pcap_close(p);
 free(n);
diff --git a/base/proto_mod.h b/base/proto_mod.h
index 8dddaaf..db5502a 100644
--- a/base/proto_mod.h
+++ b/base/proto_mod.h
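Review bot: The new call in `network_handler_destroy` goes through `mod->vtbl->destroy_ctx` with no check that `mod`, its vtbl or the slot is set, so a module whose table leaves `destroy_ctx` empty turns teardown into a NULL call. The same function is now reached from the `abort:` path of `network_handler_create`, where `handler->ctx` may never have been created (inferred, the body of that function starts outside the hunk), and the SSL implementation later in this diff dereferences that pointer unconditionally. Guard the call, `if(mod && mod->vtbl && mod->vtbl->destroy_ctx) mod->vtbl->destroy_ctx(mod->handle,&handler->ctx);`, and add a header comment stating that the function releases the module context before freeing the handler and clears `*handlerp`.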
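Review bot: Calling `network_handler_destroy` from `sig_handler` runs `free`, `fclose` and the OpenSSL free routines (via `ssl_decode_ctx_destroy` in this diff) in signal context, and none of those are async-signal-safe. If the signal lands while the main loop is inside the allocator or still using `n`, the heap or the handler state can be corrupted during shutdown. The visible handler already calls `printf` and `pcap_close`, so the pattern predates this change, but the added teardown widens it; the safer shape is to set a `volatile sig_atomic_t` flag here and let `main` perform the destroy. At minimum add `/* not async-signal-safe: relies on the process exiting right after this handler */` above the call. The rest of `sig_handler` is outside the hunk.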
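Review bot: In `main`, the `free(n);` two lines below the new call is now dead code, because `network_handler_destroy` already frees `*handlerp` and sets it to 0, leaving `free(NULL)`. Remove that line so ownership of the handler sits in one place and a later reader does not assume a second allocation. If it is kept for safety, say so with `/* n already released and cleared by network_handler_destroy */`. The body of `main` extends outside the hunk.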
@@ -62,6 +62,7 @@ struct proto_mod_vtbl_ {
 proto_obj **objp, struct in_addr *i_addr,u_short i_port, struct in_addr *r_addr,u_short r_port,struct timeval *time_base));
+ int (*destroy_ctx) PROTO_LIST((void *handle,proto_ctx **ctxp));
 int (*destroy) PROTO_LIST((proto_obj **objp));
 int (*data) PROTO_LIST((proto_obj *obj,segment *data,int direction));
 int (*close) PROTO_LIST((proto_obj *obj,packet *p,int direction));
diff --git a/ssl/ssl_analyze.c b/ssl/ssl_analyze.c
index 2dda2ab..09ce8f2 100644
--- a/ssl/ssl_analyze.c
+++ b/ssl/ssl_analyze.c
@@ -61,6 +61,7 @@ static int create_ssl_analyzer PROTO_LIST((void *handle, proto_ctx *ctx,tcp_conn *conn,proto_obj **objp, struct in_addr *i_addr,u_short i_port, struct in_addr *r_addr,u_short r_port, struct timeval *base_time));
+static int destroy_ssl_ctx PROTO_LIST((void *handle,proto_ctx **ctxp));
 static int destroy_ssl_analyzer PROTO_LIST((proto_obj **objp));
 static int read_ssl_record PROTO_LIST((ssl_obj *obj,r_queue *q,segment *seg, int offset,segment **lastp,int *offsetp));
@@ -228,6 +229,15 @@ static int create_ssl_ctx(handle,ctxp)
 return(_status);
 }
+static int destroy_ssl_ctx(handle,ctxp)
+ void *handle;
+ proto_ctx **ctxp;
+ {
+ ssl_decode_ctx *ctx=0;
+ ctx=(ssl_decode_ctx *) *ctxp;
+ ssl_decode_ctx_destroy(&ctx);
+ }
+
 static int create_ssl_analyzer(void *handle, proto_ctx *ctx, tcp_conn *conn, proto_obj **objp, struct in_addr *i_addr, u_short i_port, struct in_addr *r_addr, u_short r_port, struct timeval *base_time)
@@ -635,6 +645,7 @@ static struct proto_mod_vtbl_ ssl_vtbl ={
 parse_ssl_flag, create_ssl_ctx, create_ssl_analyzer,
+ destroy_ssl_ctx,
 destroy_ssl_analyzer, data_ssl_analyzer, close_ssl_analyzer,
diff --git a/ssl/ssldecode.c b/ssl/ssldecode.c
index 14c9e2f..162a3f3 100644
--- a/ssl/ssldecode.c
+++ b/ssl/ssldecode.c
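Review bot: `destroy_ctx` is inserted ahead of `destroy` in `struct proto_mod_vtbl_`, which shifts every later slot for any table that is initialised positionally, as `ssl_vtbl` is in this commit. `ssl_vtbl` is updated here, but any other module table not shown in this diff would silently place its `destroy` function in the `destroy_ctx` slot and be called with `(handle, ctxp)`. Appending the member at the end of the struct, or switching the tables to designated initialisers, removes that hazard. The member also needs a contract comment, for example `/* frees the ctx made by create_ctx and clears *ctxp; may be NULL if the module keeps no ctx */`.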
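Review bot: `destroy_ssl_ctx` is declared `int` but falls off the end without returning a value, and it reads `*ctxp` with no NULL check. Because `ssl_decode_ctx_destroy` is handed the address of the local `ctx`, the caller's `*ctxp` still points at freed memory once this function returns, which leaves a dangling pointer for any later use of the handler's ctx. Add `if(!ctxp || !*ctxp) return(0);` before the cast and finish with `*ctxp=0; return(0);` after the destroy call. The unused `handle` parameter deserves a one-line comment saying it is ignored.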
@@ -191,6 +191,25 @@ int ssl_decode_ctx_create(dp,keyfile,pass,keylogfile)
 #endif
 }
+int ssl_decode_ctx_destroy(dp)
+ ssl_decode_ctx **dp;
+ {
+#ifdef OPENSSL
+ ssl_decode_ctx *d = *dp;
+ if(d->ssl_key_log_file) {
+ fclose(d->ssl_key_log_file);
+ }
+
+ r_assoc *x = d->session_cache;
+ r_assoc_destroy(&d->session_cache);
+
+ SSL_CTX_free(d->ssl_ctx);
+ SSL_free(d->ssl);
+ free(d);
+#endif
+ return(0);
+ }
+
 int ssl_decoder_create(dp,ctx)
 ssl_decoder **dp;
 ssl_decode_ctx *ctx;
diff --git a/ssl/ssldecode.h b/ssl/ssldecode.h
index 74b8a6b..a878716 100644
--- a/ssl/ssldecode.h
+++ b/ssl/ssldecode.h
@@ -52,6 +52,7 @@ int ssl_decode_ctx_create PROTO_LIST((ssl_decode_ctx **ctx, char *keyfile,char *password,char *keylogfile));
+int ssl_decode_ctx_destroy(ssl_decode_ctx **dp);
 int ssl_decoder_destroy PROTO_LIST((ssl_decoder **dp));
 int ssl_decoder_create PROTO_LIST((ssl_decoder **dp,ssl_decode_ctx *ctx));
 int ssl_set_client_random PROTO_LIST((ssl_decoder *dp,
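Review bot: `ssl_decode_ctx_destroy` dereferences `*dp` on its first line without checking `dp` or `*dp`, so tearing down a context that was never created crashes instead of being a no-op. The function takes a double pointer but never clears `*dp`, which leaves the caller holding a pointer to freed memory. The local `r_assoc *x = d->session_cache;` is assigned and never read and should be dropped. A short header comment listing what is released (key-log file handle, session cache, `SSL_CTX`, `SSL`, the struct itself) would document the ownership; the fence shows the guard and the clearing of `*dp`.

```c
#ifdef OPENSSL
    ssl_decode_ctx *d;

    if(!dp || !*dp)
      return(0);
    d = *dp;
    /* … unchanged: fclose of ssl_key_log_file, r_assoc_destroy, SSL_CTX_free, SSL_free, free(d) … */
    *dp = 0;
#endif
```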
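Review bot: The new prototype in `ssldecode.h` is a plain ANSI declaration, while every neighbouring prototype in the hunk goes through `PROTO_LIST` and the definition itself is K&R style. For consistency with the header's convention write `int ssl_decode_ctx_destroy PROTO_LIST((ssl_decode_ctx **dp));`.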