diff --git a/packages/bun-usockets/src/crypto/openssl.c b/packages/bun-usockets/src/crypto/openssl.c
index 83d463b82f..d5aa64f487 100644
--- a/packages/bun-usockets/src/crypto/openssl.c
+++ b/packages/bun-usockets/src/crypto/openssl.c
@@ -1146,15 +1146,25 @@ SSL_CTX *create_ssl_context_from_bun_options(
   /* we should always accept moving write buffer so we can retry writes with a
    * buffer allocated in a different address */
   SSL_CTX_set_mode(ssl_context, SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
-
+ 
   if (options.min_tls_version > 0) {
-    SSL_CTX_set_min_proto_version(ssl_context, options.min_tls_version);
+    if (!SSL_CTX_set_min_proto_version(ssl_context, options.min_tls_version)) {
+      free_ssl_context(ssl_context);
+      return NULL; 
+    }
   } else {
-    SSL_CTX_set_min_proto_version(ssl_context, TLS1_2_VERSION);
+     
+    if (!SSL_CTX_set_min_proto_version(ssl_context, TLS1_2_VERSION)) {
+      free_ssl_context(ssl_context);
+      return NULL;
+    }
   }
 
   if (options.max_tls_version > 0) {
-    SSL_CTX_set_max_proto_version(ssl_context, options.max_tls_version);
+    if (!SSL_CTX_set_max_proto_version(ssl_context, options.max_tls_version)) {
+      free_ssl_context(ssl_context);
+      return NULL;
+    }
   }
 
   /* The following are helpers. You may easily implement whatever you want by
diff --git a/src/bun.js/api/bun/socket.zig b/src/bun.js/api/bun/socket.zig
index 8c24b2b28a..adca28a10d 100644
--- a/src/bun.js/api/bun/socket.zig
+++ b/src/bun.js/api/bun/socket.zig
@@ -718,6 +718,12 @@ pub const Listener = struct {
             return globalObject.throwValue(err);
         };
 
+        if (ssl_enabled and create_err != .none) {
+            const js_err = create_err.toJS(globalObject);
+            uws.us_socket_context_free(1, socket_context);
+            return globalObject.throwValue(js_err);
+        }
+
         if (ssl_enabled) {
             if (ssl.?.protos) |p| {
                 protos = p[0..ssl.?.protos_len];
@@ -1220,6 +1226,12 @@ pub const Listener = struct {
             return globalObject.throwValue(err.toErrorInstance(globalObject));
         };
 
+        if (ssl_enabled and create_err != .none) {
+            const js_err = create_err.toJS(globalObject);
+            uws.us_socket_context_free(1, socket_context);
+            return globalObject.throwValue(js_err);
+        }
+
         if (ssl_enabled) {
             if (ssl.?.protos) |p| {
                 protos = p[0..ssl.?.protos_len];