diff --git a/Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_net_ssl.cpp b/Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_net_ssl.cpp
index 9d21f6f627..8f29e83ea4 100644
--- a/Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_net_ssl.cpp
+++ b/Source/Core/Core/IPC_HLE/WII_IPC_HLE_Device_net_ssl.cpp
@@ -41,13 +41,16 @@ CWII_IPC_HLE_Device_net_ssl::~CWII_IPC_HLE_Device_net_ssl()
     if (ssl.active)
     {
       mbedtls_ssl_close_notify(&ssl.ctx);
-      mbedtls_ssl_session_free(&ssl.session);
-      mbedtls_ssl_free(&ssl.ctx);
-      mbedtls_ssl_config_free(&ssl.config);
 
       mbedtls_x509_crt_free(&ssl.cacert);
       mbedtls_x509_crt_free(&ssl.clicert);
 
+      mbedtls_ssl_session_free(&ssl.session);
+      mbedtls_ssl_free(&ssl.ctx);
+      mbedtls_ssl_config_free(&ssl.config);
+      mbedtls_ctr_drbg_free(&ssl.ctr_drbg);
+      mbedtls_entropy_free(&ssl.entropy);
+
       ssl.hostname.clear();
 
       ssl.active = false;
@@ -163,13 +166,14 @@ IPCCommandResult CWII_IPC_HLE_Device_net_ssl::IOCtlV(u32 _CommandAddress)
       WII_SSL* ssl = &_SSL[sslID];
       mbedtls_ssl_init(&ssl->ctx);
       mbedtls_entropy_init(&ssl->entropy);
-      const char* pers = "dolphin-emu";
+      static constexpr const char* pers = "dolphin-emu";
       mbedtls_ctr_drbg_init(&ssl->ctr_drbg);
       int ret = mbedtls_ctr_drbg_seed(&ssl->ctr_drbg, mbedtls_entropy_func, &ssl->entropy,
                                       (const unsigned char*)pers, strlen(pers));
       if (ret)
       {
         mbedtls_ssl_free(&ssl->ctx);
+        mbedtls_ctr_drbg_free(&ssl->ctr_drbg);
         mbedtls_entropy_free(&ssl->entropy);
         goto _SSL_NEW_ERROR;
       }
@@ -218,16 +222,18 @@ IPCCommandResult CWII_IPC_HLE_Device_net_ssl::IOCtlV(u32 _CommandAddress)
     if (SSLID_VALID(sslID))
     {
       WII_SSL* ssl = &_SSL[sslID];
-      mbedtls_ssl_close_notify(&ssl->ctx);
-      mbedtls_ssl_session_free(&ssl->session);
-      mbedtls_ssl_free(&ssl->ctx);
-      mbedtls_ssl_config_free(&ssl->config);
 
-      mbedtls_entropy_free(&ssl->entropy);
+      mbedtls_ssl_close_notify(&ssl->ctx);
 
       mbedtls_x509_crt_free(&ssl->cacert);
       mbedtls_x509_crt_free(&ssl->clicert);
 
+      mbedtls_ssl_session_free(&ssl->session);
+      mbedtls_ssl_free(&ssl->ctx);
+      mbedtls_ssl_config_free(&ssl->config);
+      mbedtls_ctr_drbg_free(&ssl->ctr_drbg);
+      mbedtls_entropy_free(&ssl->entropy);
+
       ssl->hostname.clear();
 
       ssl->active = false;