diff --git a/libratbox/src/openssl.c b/libratbox/src/openssl.c
index defcfa93..6cc07d01 100644
--- a/libratbox/src/openssl.c
+++ b/libratbox/src/openssl.c
@@ -325,7 +325,11 @@ rb_init_ssl(void)
 	/* Set ECDHE on OpenSSL 1.00+, but make sure it's actually available because redhat are dicks
 	   and bastardise their OpenSSL for stupid reasons... */
 	#if (OPENSSL_VERSION_NUMBER >= 0x10000000) && defined(NID_secp384r1)
-		SSL_CTX_set_tmp_ecdh(ssl_server_ctx, EC_KEY_new_by_curve_name(NID_secp384r1));
+		EC_KEY *key = EC_KEY_new_by_curve_name(NID_secp384r1);
+		if (key) {
+			SSL_CTX_set_tmp_ecdh(ssl_server_ctx, key);
+			EC_KEY_free(key);
+		}
 #ifdef SSL_OP_SINGLE_ECDH_USE
 		SSL_CTX_set_options(ssl_server_ctx, SSL_OP_SINGLE_ECDH_USE);
 #endif