diff --git a/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp b/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp
index 135298001..f0bfc2cf9 100644
--- a/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp
+++ b/libraries/ESP8266WiFi/src/WiFiClientSecure.cpp
@@ -94,6 +94,9 @@ public:
         ssl_ext_set_host_name(ext, hostName);
         ssl_ext_set_max_fragment_size(ext, 4096);
         s_io_ctx = ctx;
+        if (_ssl) {
+            ssl_free(_ssl);
+        }
         _ssl = ssl_client_new(_ssl_ctx, 0, nullptr, 0, ext);
         uint32_t t = millis();
 
@@ -239,7 +242,7 @@ protected:
             }
             return 0;
         }
-        DEBUGV(":wcs ra %d", rc);
+        DEBUGV(":wcs ra %d\r\n", rc);
         _read_ptr = data;
         _available = rc;
         return _available;
@@ -311,13 +314,10 @@ int WiFiClientSecure::connect(const char* name, uint16_t port)
 
 int WiFiClientSecure::_connectSSL(const char* hostName)
 {
-    if (_ssl) {
-        _ssl->unref();
-        _ssl = nullptr;
+    if (!_ssl) {
+        _ssl = new SSLContext;
+        _ssl->ref();
     }
-
-    _ssl = new SSLContext;
-    _ssl->ref();
     _ssl->connect(_client, hostName, 5000);
 
     auto status = ssl_handshake_status(*_ssl);
@@ -553,7 +553,8 @@ bool WiFiClientSecure::verifyCertChain(const char* domain_name)
 bool WiFiClientSecure::setCACert(const uint8_t* pk, size_t size)
 {
     if (!_ssl) {
-        return false;
+        _ssl = new SSLContext;
+        _ssl->ref();
     }
     return _ssl->loadObject(SSL_OBJ_X509_CACERT, pk, size);
 }
@@ -561,7 +562,8 @@ bool WiFiClientSecure::setCACert(const uint8_t* pk, size_t size)
 bool WiFiClientSecure::setCertificate(const uint8_t* pk, size_t size)
 {
     if (!_ssl) {
-        return false;
+        _ssl = new SSLContext;
+        _ssl->ref();
     }
     return _ssl->loadObject(SSL_OBJ_X509_CERT, pk, size);
 }
@@ -569,7 +571,8 @@ bool WiFiClientSecure::setCertificate(const uint8_t* pk, size_t size)
 bool WiFiClientSecure::setPrivateKey(const uint8_t* pk, size_t size)
 {
     if (!_ssl) {
-        return false;
+        _ssl = new SSLContext;
+        _ssl->ref();
     }
     return _ssl->loadObject(SSL_OBJ_RSA_KEY, pk, size);
 }
@@ -577,7 +580,8 @@ bool WiFiClientSecure::setPrivateKey(const uint8_t* pk, size_t size)
 bool WiFiClientSecure::loadCACert(Stream& stream, size_t size)
 {
     if (!_ssl) {
-        return false;
+        _ssl = new SSLContext;
+        _ssl->ref();
     }
     return _ssl->loadObject(SSL_OBJ_X509_CACERT, stream, size);
 }
@@ -585,7 +589,8 @@ bool WiFiClientSecure::loadCACert(Stream& stream, size_t size)
 bool WiFiClientSecure::loadCertificate(Stream& stream, size_t size)
 {
     if (!_ssl) {
-        return false;
+        _ssl = new SSLContext;
+        _ssl->ref();
     }
     return _ssl->loadObject(SSL_OBJ_X509_CERT, stream, size);
 }
@@ -593,7 +598,8 @@ bool WiFiClientSecure::loadCertificate(Stream& stream, size_t size)
 bool WiFiClientSecure::loadPrivateKey(Stream& stream, size_t size)
 {
     if (!_ssl) {
-        return false;
+        _ssl = new SSLContext;
+        _ssl->ref();
     }
     return _ssl->loadObject(SSL_OBJ_RSA_KEY, stream, size);
 }