diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index fd0d6e2bb7..912c6b121e 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1428,11 +1428,10 @@ void SSL_free(SSL *s)
         return;
     REF_ASSERT_ISNT(i < 0);
 
-    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
-
     if (s->method != NULL)
         s->method->ssl_free(s);
 
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
     SSL_CTX_free(s->ctx);
     CRYPTO_THREAD_lock_free(s->lock);
     CRYPTO_FREE_REF(&s->references);
@@ -1448,15 +1447,17 @@ void ossl_ssl_connection_free(SSL *ssl)
     if (s == NULL)
         return;
 
+    /*
+     * Ignore return values. This could result in user callbacks being called
+     * e.g. for the QUIC TLS record layer. So we do this early before we have
+     * freed other things.
+     */
+    ssl_free_wbio_buffer(s);
+    RECORD_LAYER_clear(&s->rlayer);
+
     X509_VERIFY_PARAM_free(s->param);
     dane_final(&s->dane);
 
-    /* Ignore return value */
-    ssl_free_wbio_buffer(s);
-
-    /* Ignore return value */
-    RECORD_LAYER_clear(&s->rlayer);
-
     BUF_MEM_free(s->init_buf);
 
     /* add extra stuff */