diff --git a/cmd/strelaysrv/listener.go b/cmd/strelaysrv/listener.go
index db8af5b04..90f2e589a 100644
--- a/cmd/strelaysrv/listener.go
+++ b/cmd/strelaysrv/listener.go
@@ -59,6 +59,13 @@ func listener(proto, addr string, config *tls.Config) {
 
 func protocolConnectionHandler(tcpConn net.Conn, config *tls.Config) {
 	conn := tls.Server(tcpConn, config)
+	if err := conn.SetDeadline(time.Now().Add(messageTimeout)); err != nil {
+		if debug {
+			log.Println("Weird error setting deadline:", err, "on", conn.RemoteAddr())
+		}
+		conn.Close()
+		return
+	}
 	err := conn.Handshake()
 	if err != nil {
 		if debug {
@@ -81,6 +88,7 @@ func protocolConnectionHandler(tcpConn net.Conn, config *tls.Config) {
 		conn.Close()
 		return
 	}
+	conn.SetDeadline(time.Time{})
 
 	id := syncthingprotocol.NewDeviceID(certs[0].Raw)
 
@@ -277,6 +285,7 @@ func sessionConnectionHandler(conn net.Conn) {
 		if debug {
 			log.Println("Weird error setting deadline:", err, "on", conn.RemoteAddr())
 		}
+		conn.Close()
 		return
 	}
 
diff --git a/cmd/strelaysrv/status.go b/cmd/strelaysrv/status.go
index a00703b1d..573d6dfa8 100644
--- a/cmd/strelaysrv/status.go
+++ b/cmd/strelaysrv/status.go
@@ -16,8 +16,16 @@ var rc *rateCalculator
 func statusService(addr string) {
 	rc = newRateCalculator(360, 10*time.Second, &bytesProxied)
 
-	http.HandleFunc("/status", getStatus)
-	if err := http.ListenAndServe(addr, nil); err != nil {
+	handler := http.NewServeMux()
+	handler.HandleFunc("/status", getStatus)
+
+	srv := http.Server{
+		Addr:        addr,
+		Handler:     handler,
+		ReadTimeout: 15 * time.Second,
+	}
+	srv.SetKeepAlivesEnabled(false)
+	if err := srv.ListenAndServe(); err != nil {
 		log.Fatal(err)
 	}
 }