diff --git a/configure.ac b/configure.ac
index bc72485ea..b44af24d9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -115,7 +115,7 @@ AC_C_BIGENDIAN
 # check if functions of interest are linkable, but also check if
 # they're declared by the expected headers, and if not, supersede the
 # unusable positive from AC_CHECK_FUNCS().
-AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r inet_ntoa memset socket strftime])
+AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r inet_ntoa memset socket strftime atexit])
 AC_CHECK_DECLS([gethostbyname, getaddrinfo, gettimeofday, gmtime_r, inet_ntoa, memset, socket, strftime], [], [
 if test "$(eval echo \$"$(eval 'echo ac_cv_func_${as_decl_name}')")" = "yes"
 then
diff --git a/src/ssl.c b/src/ssl.c
index 462fd0651..a56377129 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -5004,6 +5004,16 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
 static int wolfSSL_RAND_InitMutex(void);
 #endif
 
+#if defined(OPENSSL_EXTRA) && defined(HAVE_ATEXIT)
+static void AtExitCleanup(void)
+{
+    if (initRefCount > 0) {
+        initRefCount = 1;
+        (void)wolfSSL_Cleanup();
+    }
+}
+#endif
+
 WOLFSSL_ABI
 int wolfSSL_Init(void)
 {
@@ -5024,6 +5034,14 @@ int wolfSSL_Init(void)
 #endif
 
 #ifdef OPENSSL_EXTRA
+    #ifdef HAVE_ATEXIT
+        /* OpenSSL registers cleanup using atexit */
+        if (atexit(AtExitCleanup) != 0) {
+            WOLFSSL_MSG("Bad atexit registration");
+            return WC_INIT_E;
+        }
+    #endif
+
     #ifndef WOLFSSL_NO_OPENSSL_RAND_CB
         if (wolfSSL_RAND_InitMutex() != 0) {
             return BAD_MUTEX_E;