diff --git a/src/tls_wrap.cc b/src/tls_wrap.cc
index ad6daa43011bda..d21976c7df309e 100644
--- a/src/tls_wrap.cc
+++ b/src/tls_wrap.cc
@@ -446,6 +446,12 @@ void TLSWrap::ClearOut() {
       memcpy(buf.base, current, avail);
       OnRead(avail, &buf);
 
+      // Caveat emptor: OnRead() calls into JS land which can result in
+      // the SSL context object being destroyed.  We have to carefully
+      // check that ssl_ != nullptr afterwards.
+      if (ssl_ == nullptr)
+        return;
+
       read -= avail;
       current += avail;
     }
diff --git a/test/parallel/test-tls-socket-destroy.js b/test/parallel/test-tls-socket-destroy.js
new file mode 100644
index 00000000000000..27651f8ec7206a
--- /dev/null
+++ b/test/parallel/test-tls-socket-destroy.js
@@ -0,0 +1,36 @@
+'use strict';
+
+const common = require('../common');
+
+if (!common.hasCrypto) {
+  common.skip('missing crypto');
+  return;
+}
+
+const fs = require('fs');
+const net = require('net');
+const tls = require('tls');
+
+const key = fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem');
+const cert = fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem');
+const secureContext = tls.createSecureContext({ key, cert });
+
+const server = net.createServer(common.mustCall((conn) => {
+  const options = { isServer: true, secureContext, server };
+  const socket = new tls.TLSSocket(conn, options);
+  socket.once('data', common.mustCall(() => {
+    socket._destroySSL();  // Should not crash.
+    server.close();
+  }));
+}));
+
+server.listen(0, function() {
+  const options = {
+    port: this.address().port,
+    rejectUnauthorized: false,
+  };
+  tls.connect(options, function() {
+    this.write('*'.repeat(1 << 20));  // Write more data than fits in a frame.
+    this.on('error', this.destroy);  // Server closes connection on us.
+  });
+});