diff --git a/fw/connection.h b/fw/connection.h
index 8ea3e35b62..bf1bc34222 100644
--- a/fw/connection.h
+++ b/fw/connection.h
@@ -292,7 +292,7 @@ typedef struct {
  */
 #define tfw_h2_context_unsafe(conn)	((TfwH2Ctx *)(&((TfwH2Conn *)conn)->h2))
 #define tfw_h2_context_safe(conn)	\
-	ttls_hs_done(tfw_tls_context(conn)) ? tfw_h2_context_unsafe(conn) : NULL;
+	ttls_hs_done(tfw_tls_context(conn)) ? tfw_h2_context_unsafe(conn) : NULL
 
 
 /* Callbacks used by l5-l7 protocols to operate on connection level. */
diff --git a/fw/sock_clnt.c b/fw/sock_clnt.c
index b7ce21f0ff..b1819e91fe 100644
--- a/fw/sock_clnt.c
+++ b/fw/sock_clnt.c
@@ -191,9 +191,14 @@ tfw_sk_fill_write_queue(struct sock *sk, unsigned int mss_now, int ss_action)
 	 * set to TCP_CLOSE, so this function will never be called after it.
          */
 	BUG_ON(!conn);
-	BUG_ON(TFW_CONN_PROTO(conn) != TFW_FSM_H2);
 
-	h2 = tfw_h2_context_safe(conn);
+	/*
+	 * This function can be called both for HTTP1 and HTTP2 connections.
+	 * Moreover this function can be called when HTTP2 connection is
+	 * shutdowned before TLS hadshake was finished.
+	 */
+	h2 = TFW_CONN_PROTO(conn) == TFW_FSM_H2 ?
+		tfw_h2_context_safe(conn) : NULL;
 	if (!h2) {
 		if (ss_action == SS_SHUTDOWN)
 			tcp_shutdown(sk, SEND_SHUTDOWN);
@@ -278,9 +283,8 @@ tfw_sock_clnt_new(struct sock *sk)
 		 * find a simple and better solution.
 		 */
 		sk->sk_write_xmit = tfw_tls_encrypt;
-	}
-	if (TFW_CONN_PROTO(conn) == TFW_FSM_H2)
 		sk->sk_fill_write_queue = tfw_sk_fill_write_queue;
+	}
 
 	/* Activate keepalive timer. */
 	mod_timer(&conn->timer,