diff --git a/vere/cttp.c b/vere/cttp.c index eae999c1a..4e7401001 100644 --- a/vere/cttp.c +++ b/vere/cttp.c @@ -20,7 +20,6 @@ #include #include -#include #include "../outside/jhttp/http_parser.h" // Joyent HTTP #include "all.h" @@ -1612,14 +1611,8 @@ u3_cttp_ef_thus(c3_l num_l, void u3_cttp_io_init() { - c3_i rad; - c3_y buf[4096]; - u3_Host.ctp_u.coc_u = 0; - SSL_library_init(); - SSL_load_error_strings(); - u3_Host.ssl_u = SSL_CTX_new(TLSv1_client_method()); SSL_CTX_set_options(u3S, SSL_OP_NO_SSLv2); SSL_CTX_set_verify(u3S, SSL_VERIFY_PEER, NULL); @@ -1635,16 +1628,6 @@ u3_cttp_io_init() SSL_CTX_set_cipher_list(u3S, "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:" "ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:" "RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS"); - - // RAND_status, at least on OS X, never returns true. - // 4096 bytes should be enough entropy for anyone, right? - rad = open("/dev/urandom", O_RDONLY); - if ( 4096 != read(rad, &buf, 4096) ) { - perror("rand-seed"); - exit(1); - } - RAND_seed(buf, 4096); - close(rad); } /* u3_cttp_io_poll(): poll kernel for cttp I/O. diff --git a/vere/http.c b/vere/http.c index 755ffceac..36e8bbebf 100644 --- a/vere/http.c +++ b/vere/http.c @@ -20,7 +20,6 @@ #include #include -#include // XX rename typedef struct _h2hed { @@ -637,13 +636,7 @@ _http_serv_start(u3_http* htp_u) static SSL_CTX* _http_init_tls() { - SSL_CTX* tls_u; - - // XX only call these once between here and cttp (maybe in loop.c or main.c?) - SSL_library_init(); - SSL_load_error_strings(); - - tls_u = SSL_CTX_new(TLSv1_2_server_method()); + SSL_CTX* tls_u = SSL_CTX_new(TLSv1_2_server_method()); SSL_CTX_set_options(tls_u, SSL_OP_NO_SSLv2); // SSL_CTX_set_verify(tls_u, SSL_VERIFY_NONE, NULL); diff --git a/vere/main.c b/vere/main.c index dc1f4352a..11aea24c3 100644 --- a/vere/main.c +++ b/vere/main.c @@ -18,6 +18,7 @@ #include #include #include +#include #include "h2o.h" 
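Review bot: In `_http_init_tls()` (vere/http.c) the new `SSL_CTX* tls_u = SSL_CTX_new(TLSv1_2_server_method());` is passed to `SSL_CTX_set_options()` on the next line without a NULL check, and the context lines of the `u3_cttp_io_init()` hunk in vere/cttp.c show the same pattern for `u3_Host.ssl_u`. This matters more after this commit, because both functions now rely on main() having already called `SSL_library_init()`; on OpenSSL versions that need that call, `SSL_CTX_new()` fails if the order is ever wrong. I would add `if ( 0 == tls_u ) { ERR_print_errors_fp(stderr); return 0; }` right after the call, assuming callers treat a null context as "TLS unavailable" (they are outside the hunk), and replace the deleted XX comment with `// requires SSL_library_init(), called once in main()`. The body of `_http_init_tls()` continues past the hunk. Separately, the unchanged context in cttp.c still builds the client context with `TLSv1_client_method()`, which pins the client to TLS 1.0 and is worth a follow-up.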
@@ -613,6 +614,24 @@ main(c3_i argc, #endif } + SSL_library_init(); + SSL_load_error_strings(); + + { + c3_i rad; + c3_y buf[4096]; + + // RAND_status, at least on OS X, never returns true. + // 4096 bytes should be enough entropy for anyone, right? + rad = open("/dev/urandom", O_RDONLY); + if ( 4096 != read(rad, &buf, 4096) ) { + perror("rand-seed"); + exit(1); + } + RAND_seed(buf, 4096); + close(rad); + } + // u3e_grab("main", u3_none); // u3_lo_loop();
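Review bot: The seeding block added to main() does not check the `open()` result and exits on any short `read()`, so a failed open is reported as a read error on fd -1 and a signal-interrupted read could abort startup. The 4096 seed bytes also stay in `buf` in main's stack frame after `RAND_seed()`; clearing them with `OPENSSL_cleanse()` is cheap. Below is the block with the open checked, the read looped until the buffer is full, and the buffer wiped; it needs `<errno.h>` in scope. main() starts and ends outside the hunk.

```c
  // … unchanged: SSL_library_init() / SSL_load_error_strings() …
  {
    c3_i   rad;
    c3_y   buf[4096];
    size_t got = 0;

    if ( (rad = open("/dev/urandom", O_RDONLY)) < 0 ) {
      perror("rand-seed: open");
      exit(1);
    }
    while ( got < sizeof(buf) ) {
      ssize_t ret = read(rad, buf + got, sizeof(buf) - got);

      if ( (ret < 0) && (EINTR == errno) ) {
        continue;                       //  interrupted, retry
      }
      if ( ret <= 0 ) {
        perror("rand-seed: read");
        exit(1);
      }
      got += (size_t)ret;
    }
    close(rad);

    RAND_seed(buf, sizeof(buf));
    OPENSSL_cleanse(buf, sizeof(buf));  //  don't leave seed bytes on the stack
  }
```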