diff --git a/platform/src/ssl_policy.cpp b/platform/src/ssl_policy.cpp
index f483a4b..e254c03 100644
--- a/platform/src/ssl_policy.cpp
+++ b/platform/src/ssl_policy.cpp
@@ -13,12 +13,14 @@ enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void* u_p
 {
 UNUSED struct ssl_policy_enforcer* enforcer=(struct ssl_policy_enforcer*)u_para;
 UNUSED int ret=0;
- int pinning_staus=0, is_ev=0;
+ int pinning_staus=0, is_ev=0, is_mauth=0;
 ret=ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_PINNING_STATUS, &pinning_staus);
 assert(ret==1);
 ret=ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_IS_EV_CERT, &is_ev);
 assert(ret==1);
- if(pinning_staus>0||is_ev)
+ ret=ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_IS_MUTUAL_AUTH, &is_mauth);
+
+ if(pinning_staus>0||is_ev||is_mauth)
 {
 return SSL_ACTION_PASSTHROUGH;
 }
diff --git a/platform/src/ssl_stream.cpp b/platform/src/ssl_stream.cpp
index c86e6e8..79394b1 100644
--- a/platform/src/ssl_stream.cpp
+++ b/platform/src/ssl_stream.cpp
@@ -1207,6 +1207,7 @@ static void peek_chello_on_succ(future_result_t * result, void * user)
 ctx->s_stream = s_stream;
 if(s_stream->up_parts.action==SSL_ACTION_PASSTHROUGH)
 {
+ promise_dettach_ctx(p);
 promise_success(p, ctx);
 wrap_ssl_connect_server_ctx_free(ctx);
 }
diff --git a/platform/src/tcp_stream.cpp b/platform/src/tcp_stream.cpp
index 49dd2f2..cfce50d 100644
--- a/platform/src/tcp_stream.cpp
+++ b/platform/src/tcp_stream.cpp
@@ -916,6 +916,9 @@ void ssl_upstream_create_on_success(future_result_t * result, void * user)
 fd=ssl_upstream_create_result_release_fd(result);
 _stream->conn_upstream=__conn_private_create_by_fd(_stream, fd);
 _stream->conn_downstream=__conn_private_create_by_fd(_stream, _stream->defer_fd_downstream);
+ __conn_private_enable(_stream->conn_downstream);
+ __conn_private_enable(_stream->conn_upstream);
+
 }
 else if(SSL_ACTION_SHUTDOWN==ssl_action)
 {
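Review bot: The new `ssl_stream_get_integer_opt(upstream, SSL_STREAM_OPT_IS_MUTUAL_AUTH, &is_mauth)` call in ssl_policy_enforce is the only one of the three whose result is not checked. Since `ret` is marked `UNUSED`, the existing `assert(ret==1)` checks presumably disappear in NDEBUG builds as well. This function decides whether a connection bypasses interception, so I would handle failure explicitly rather than by assert: `if(ret!=1) is_mauth=0;` keeps the fail-towards-inspection default that the `is_mauth=0` initialiser already gives. It would also help to log which of pinning, EV or mutual auth led to `SSL_ACTION_PASSTHROUGH`, so uninspected sessions stay auditable. The function body continues outside the hunk.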
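Review bot: The added `promise_dettach_ctx(p)` in peek_chello_on_succ changes who owns `ctx` on the passthrough path, and nothing at the call site says so. Presumably the promise would otherwise release `ctx` itself and the explicit `wrap_ssl_connect_server_ctx_free(ctx)` two lines later would free it a second time. If so, a comment such as `/* detach: ctx is freed explicitly below, the promise must not free it again */` would stop a later edit from reintroducing that. The ordering also assumes the success callback keeps no pointer to `ctx` after `promise_success()` returns, which is worth stating in the same comment. The function starts and ends outside the hunk.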
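Review bot: Both added `__conn_private_enable()` calls in ssl_upstream_create_on_success take the results of `__conn_private_create_by_fd()` without a NULL check. The interception branch further down asserts `_stream->conn_upstream != NULL` before continuing, so the two branches are inconsistent. If creation can fail (not visible here), the passthrough branch should test `_stream->conn_downstream==NULL||_stream->conn_upstream==NULL` and take the stream's normal failure path before enabling either side. Note that an `assert` alone would not cover release builds. The enclosing if/else chain starts outside the hunk.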
@@ -934,10 +937,6 @@ void ssl_upstream_create_on_success(future_result_t * result, void * user) assert(_stream->conn_upstream != NULL); assert(_stream->ssl_upstream != NULL); - future_destroy(_stream->future_upstream_create); - _stream->future_upstream_create = NULL; - _stream->defer_fd_upstream = 0; - /* Next, create downstream */ _stream->future_downstream_create = future_create("ssl_down", ssl_downstream_create_on_success, ssl_downstream_create_on_fail, _stream); @@ -945,6 +944,10 @@ void ssl_upstream_create_on_success(future_result_t * result, void * user) ssl_async_downstream_create(_stream->future_downstream_create, _stream->ssl_mgr, _stream->ssl_upstream, _stream->defer_fd_downstream, _stream->keyring_id, _stream->thread_ref->thread_id); } + future_destroy(_stream->future_upstream_create); + _stream->future_upstream_create = NULL; + _stream->defer_fd_upstream = 0; + } void ssl_upstream_create_on_fail(enum e_future_error err, const char * what, void * user)
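Review bot: Moving the `future_destroy(_stream->future_upstream_create)` block below the if/else chain makes it run after the `SSL_ACTION_SHUTDOWN` branch too, and that branch's body is outside this hunk. If the shutdown branch releases `_stream`, these three lines read and write freed memory. In that case the shutdown branch should return early after destroying the future itself, or the cleanup should happen before the stream is torn down. Separately, `_stream->defer_fd_upstream = 0;` uses a valid descriptor number as the "no fd" marker; `-1` is the usual sentinel, provided the rest of the file tests for it the same way.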