diff --git a/java/org/apache/tomcat/util/net/SSLContext.java b/java/org/apache/tomcat/util/net/SSLContext.java
index 2e1a3a8ff3bc..57cacab4e28c 100644
--- a/java/org/apache/tomcat/util/net/SSLContext.java
+++ b/java/org/apache/tomcat/util/net/SSLContext.java
@@ -37,6 +37,8 @@ public interface SSLContext {
     public void init(KeyManager[] kms, TrustManager[] tms,
             SecureRandom sr) throws KeyManagementException;
 
+    public void destroy();
+
     public SSLSessionContext getServerSessionContext();
 
     public SSLEngine createSSLEngine();
diff --git a/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java b/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java
index 39abb852502b..c4ec83df3f5c 100644
--- a/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java
+++ b/java/org/apache/tomcat/util/net/jsse/JSSESSLContext.java
@@ -43,6 +43,10 @@ public void init(KeyManager[] kms, TrustManager[] tms, SecureRandom sr)
         context.init(kms, tms, sr);
     }
 
+    @Override
+    public void destroy() {
+    }
+
     @Override
     public SSLSessionContext getServerSessionContext() {
         return context.getServerSessionContext();
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
index 106b1533aead..ca26cc85951d 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLContext.java
@@ -166,15 +166,20 @@ public OpenSSLContext(SSLHostConfig sslHostConfig, SSLHostConfigCertificate cert
             throw new SSLException(sm.getString("openssl.errorSSLCtxInit"), e);
         } finally {
             if (!success) {
-                destroyPools();
+                destroy();
             }
         }
     }
 
-    private void destroyPools() {
+    public synchronized void destroy() {
         // Guard against multiple destroyPools() calls triggered by construction exception and finalize() later
-        if (aprPool != 0 && DESTROY_UPDATER.compareAndSet(this, 0, 1)) {
-            Pool.destroy(aprPool);
+        if (DESTROY_UPDATER.compareAndSet(this, 0, 1)) {
+            if (ctx != 0) {
+                SSLContext.free(ctx);
+            }
+            if (aprPool != 0) {
+                Pool.destroy(aprPool);
+            }
         }
     }
 
@@ -437,15 +442,4 @@ public SSLParameters getSupportedSSLParameters() {
         throw new UnsupportedOperationException();
     }
 
-    @Override
-    protected final void finalize() throws Throwable {
-        super.finalize();
-        synchronized (OpenSSLContext.class) {
-            if (ctx != 0) {
-                SSLContext.free(ctx);
-            }
-        }
-        //FIXME: this causes crashes in the testsuite
-        //destroyPools();
-    }
 }