diff --git a/include/Connection.h b/include/Connection.h
index 06cfa101347..7abdebfc05a 100644
--- a/include/Connection.h
+++ b/include/Connection.h
@@ -110,6 +110,7 @@ typedef struct
 } swSSL_config;
 
 void swSSL_init(void);
+void swSSL_init_thread_safety();
 int swSSL_server_set_cipher(SSL_CTX* ssl_context, swSSL_config *cfg);
 void swSSL_server_http_advise(SSL_CTX* ssl_context, swSSL_config *cfg);
 SSL_CTX* swSSL_get_context(swSSL_option *option);
diff --git a/src/network/Port.c b/src/network/Port.c
index 694e4ce3447..dea6af0362a 100644
--- a/src/network/Port.c
+++ b/src/network/Port.c
@@ -69,6 +69,11 @@ int swPort_enable_ssl_encrypt(swListenPort *ls)
         swWarn("swSSL_get_context() error.");
         return SW_ERR;
     }
+    /**
+     * OpenSSL thread-safe
+     */
+    swSSL_init_thread_safety();
+
     if (ls->ssl_option.client_cert_file
             && swSSL_set_client_certificate(ls->ssl_context, ls->ssl_option.client_cert_file,
                     ls->ssl_option.verify_depth) == SW_ERR)
diff --git a/src/protocol/SSL.c b/src/protocol/SSL.c
index 17ea905819e..d810929acc0 100644
--- a/src/protocol/SSL.c
+++ b/src/protocol/SSL.c
@@ -43,7 +43,6 @@ static int swSSL_npn_advertised(SSL *ssl, const uchar **out, uint32_t *outlen, v
 static int swSSL_alpn_advertised(SSL *ssl, const uchar **out, uchar *outlen, const uchar *in, uint32_t inlen, void *arg);
 #endif
 
-static void swSSL_init_locks();
 static ulong_t swSSL_thread_id(void);
 static void swSSL_lock_callback(int mode, int type, char *file, int line);
 
@@ -117,7 +116,6 @@ void swSSL_init(void)
     SSL_load_error_strings();
     OpenSSL_add_all_algorithms();
 #endif
-    swSSL_init_locks();
     openssl_init = 1;
 }
 
@@ -138,7 +136,7 @@ static ulong_t swSSL_thread_id(void)
     return (ulong_t) pthread_self();;
 }
 
-static void swSSL_init_locks()
+void swSSL_init_thread_safety()
 {
     int i;
     lock_array = (pthread_mutex_t *) OPENSSL_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t));