diff --git a/src/auth/Crypto.cc b/src/auth/Crypto.cc
index d5b7ddc6f4d41..d53e648490d44 100644
--- a/src/auth/Crypto.cc
+++ b/src/auth/Crypto.cc
@@ -335,16 +335,32 @@ decrypt(const bufferptr& secret, const bufferlist& in,
 
 // ---------------------------------------------------
 
-static CryptoNone crypto_none;
-static CryptoAES crypto_aes;
+static CryptoNone *crypto_none = 0;
+static CryptoAES *crypto_aes = 0;
+
+void crypto_init_handlers()
+{
+  crypto_none = new CryptoNone;
+  crypto_aes = new CryptoAES;
+}
+
+void crypto_shutdown_handlers()
+{
+  assert(crypto_none);
+  delete crypto_none;
+  crypto_none = NULL;
+  assert(crypto_aes);
+  delete crypto_aes;
+  crypto_aes = NULL;
+}
 
 CryptoHandler *get_crypto_handler(int type)
 {
   switch (type) {
     case CEPH_CRYPTO_NONE:
-      return &crypto_none;
+      return crypto_none;
     case CEPH_CRYPTO_AES:
-      return &crypto_aes;
+      return crypto_aes;
     default:
       return NULL;
   }
diff --git a/src/auth/Crypto.h b/src/auth/Crypto.h
index a5dbcc3a344d9..0bf0df25ab9e2 100644
--- a/src/auth/Crypto.h
+++ b/src/auth/Crypto.h
@@ -108,6 +108,8 @@ class CryptoHandler {
 		      bufferlist& out, std::string &error) const = 0;
 };
 
+extern void crypto_init_handlers();
+extern void crypto_shutdown_handlers();
 extern CryptoHandler *get_crypto_handler(int type);
 
 extern int get_random_bytes(char *buf, int len);
diff --git a/src/common/ceph_crypto.cc b/src/common/ceph_crypto.cc
index 19b775c05885d..e55908975a782 100644
--- a/src/common/ceph_crypto.cc
+++ b/src/common/ceph_crypto.cc
@@ -13,6 +13,7 @@
  */
 
 #include "ceph_crypto.h"
+#include "auth/Crypto.h"
 
 #include <pthread.h>
 
@@ -25,10 +26,12 @@ void ceph::crypto::assert_init() {
 #ifdef USE_CRYPTOPP
 void ceph::crypto::init() {
   crypto_init = true;
+  crypto_init_handlers();
 }
 
 void ceph::crypto::shutdown() {
   crypto_init = false;
+  crypto_shutdown_handlers();
 }
 
 // nothing
@@ -45,6 +48,7 @@ void ceph::crypto::init() {
   SECStatus s;
   s = NSS_NoDB_Init(NULL);
   assert(s == SECSuccess);
+  crypto_init_handlers();
 }
 
 void ceph::crypto::shutdown() {
@@ -54,6 +58,7 @@ void ceph::crypto::shutdown() {
   SECStatus s;
   s = NSS_Shutdown();
   assert(s == SECSuccess);
+  crypto_shutdown_handlers();
 }
 
 ceph::crypto::HMACSHA1::~HMACSHA1()