diff --git a/include/http_connection.h b/include/http_connection.h
index 2192507..924ddda 100644
--- a/include/http_connection.h
+++ b/include/http_connection.h
@@ -47,9 +47,18 @@ extern "C" {
  */
 AP_CORE_DECLARE(void) ap_process_connection(conn_rec *c, void *csd);
 
+/**
+ * Shutdown the connection for writing.
+ * @param c The connection to shutdown
+ * @param flush Whether or not to flush pending data before
+ * @return APR_SUCCESS or the underlying error
+ */
+AP_CORE_DECLARE(apr_status_t) ap_shutdown_conn(conn_rec *c, int flush);
+
 /**
  * Flushes all remain data in the client send buffer
  * @param c The connection to flush
+ * @remark calls ap_shutdown_conn(c, 1)
  */
 AP_CORE_DECLARE(void) ap_flush_conn(conn_rec *c);
 
diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c
index 8be833a..6c79a1a 100644
--- a/modules/proxy/proxy_util.c
+++ b/modules/proxy/proxy_util.c
@@ -2886,6 +2886,33 @@ PROXY_DECLARE(int) ap_proxy_connect_backend(const char *proxy_function,
     }
 }
 
+static apr_status_t connection_shutdown(void *theconn)
+{
+    proxy_conn_rec *conn = (proxy_conn_rec *)theconn;
+    conn_rec *c = conn->connection;
+    if (c) {
+        if (!c->aborted) {
+            apr_interval_time_t saved_timeout = 0;
+            apr_socket_timeout_get(conn->sock, &saved_timeout);
+            if (saved_timeout) {
+                apr_socket_timeout_set(conn->sock, 0);
+            }
+
+            (void)ap_shutdown_conn(c, 0);
+            c->aborted = 1;
+
+            if (saved_timeout) {
+                apr_socket_timeout_set(conn->sock, saved_timeout);
+            }
+        }
+
+        ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(02642)
+                      "proxy: connection shutdown");
+    }
+    return APR_SUCCESS;
+}
+
+
 PROXY_DECLARE(int) ap_proxy_connection_create(const char *proxy_function,
                                               proxy_conn_rec *conn,
                                               conn_rec *c,
@@ -2958,6 +2985,11 @@ PROXY_DECLARE(int) ap_proxy_connection_create(const char *proxy_function,
     }
     apr_socket_timeout_set(conn->sock, current_timeout);
 
+    /* Shutdown the connection before closing it (eg. SSL connections
+     * need to be close-notify-ed).
+     */
+    apr_pool_pre_cleanup_register(conn->scpool, conn, connection_shutdown);
+
     return OK;
 }
 
diff --git a/modules/ssl/ssl_util_ssl.c b/modules/ssl/ssl_util_ssl.c
index fbd701f..a8778d4 100644
--- a/modules/ssl/ssl_util_ssl.c
+++ b/modules/ssl/ssl_util_ssl.c
@@ -166,6 +166,7 @@ int SSL_smart_shutdown(SSL *ssl)
 {
     int i;
     int rc;
+    int flush;
 
     /*
      * Repeat the calls, because SSL_shutdown internally dispatches through a
@@ -175,8 +176,20 @@ int SSL_smart_shutdown(SSL *ssl)
      * connection and OpenSSL cannot recognize it.
      */
     rc = 0;
+    flush = !(SSL_get_shutdown(ssl) & SSL_SENT_SHUTDOWN);
     for (i = 0; i < 4 /* max 2x pending + 2x data = 4 */; i++) {
-        if ((rc = SSL_shutdown(ssl)))
+        rc = SSL_shutdown(ssl);
+        if (rc >= 0 && flush && (SSL_get_shutdown(ssl) & SSL_SENT_SHUTDOWN)) {
+            /* Once the close notity is sent through the output filters,
+             * ensure it is flushed through the socket.
+             */
+            if (BIO_flush(SSL_get_wbio(ssl)) <= 0) {
+                rc = -1;
+                break;
+            }
+            flush = 0;
+        }
+        if (rc != 0)
             break;
     }
     return rc;
diff --git a/server/connection.c b/server/connection.c
index 6e4495f..4942c77 100644
--- a/server/connection.c
+++ b/server/connection.c
@@ -64,22 +64,32 @@ AP_IMPLEMENT_HOOK_RUN_ALL(int,pre_connection,(conn_rec *c, void *csd),(c, csd),O
 #define MAX_SECS_TO_LINGER 30
 #endif
 
-AP_CORE_DECLARE(void) ap_flush_conn(conn_rec *c)
+AP_CORE_DECLARE(apr_status_t) ap_shutdown_conn(conn_rec *c, int flush)
 {
+    apr_status_t rv;
     apr_bucket_brigade *bb;
     apr_bucket *b;
 
     bb = apr_brigade_create(c->pool, c->bucket_alloc);
 
-    /* FLUSH bucket */
-    b = apr_bucket_flush_create(c->bucket_alloc);
-    APR_BRIGADE_INSERT_TAIL(bb, b);
+    if (flush) {
+        /* FLUSH bucket */
+        b = apr_bucket_flush_create(c->bucket_alloc);
+        APR_BRIGADE_INSERT_TAIL(bb, b);
+    }
 
     /* End Of Connection bucket */
     b = ap_bucket_eoc_create(c->bucket_alloc);
     APR_BRIGADE_INSERT_TAIL(bb, b);
 
-    ap_pass_brigade(c->output_filters, bb);
+    rv = ap_pass_brigade(c->output_filters, bb);
+    apr_brigade_destroy(bb);
+    return rv;
+}
+
+AP_CORE_DECLARE(void) ap_flush_conn(conn_rec *c)
+{
+    (void)ap_shutdown_conn(c, 1);
 }
 
 /* we now proceed to read from the client until we get EOF, or until
diff --git a/server/mpm/event/event.c b/server/mpm/event/event.c
index 5852685..defa109 100644
--- a/server/mpm/event/event.c
+++ b/server/mpm/event/event.c
@@ -841,6 +841,7 @@ static int start_lingering_close_nonblocking(event_conn_state_t *cs)
     apr_socket_t *csd = cs->pfd.desc.s;
 
     if (c->aborted
+        || ap_shutdown_conn(c, 0) != APR_SUCCESS || c->aborted
         || apr_socket_shutdown(csd, APR_SHUTDOWN_WRITE) != APR_SUCCESS) {
         apr_socket_close(csd);
         apr_pool_clear(cs->p);