diff --git a/ChangeLog b/ChangeLog
index 656688df30..7fbf1ad412 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,10 @@ Features
      yet), and to existing functions in ECDH and SSL (currently only
      implemented client-side, for ECDHE-ECDSA ciphersuites in TLS 1.2,
      including client authentication).
+   * Fix wrong order of freeing in programs/ssl/ssl_server2 example
+     application leading to a memory leak in case both
+     MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE are set.
+     Fixes #2069.
 
 Bugfix
    * Fix a bug in the update function for SSL ticket keys which previously
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 4eac51f746..efda65d23d 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -3146,6 +3146,8 @@ exit:
     mbedtls_ssl_cookie_free( &cookie_ctx );
 #endif
 
+    mbedtls_free( buf );
+
 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
 #if defined(MBEDTLS_MEMORY_DEBUG)
     mbedtls_memory_buffer_alloc_status();
@@ -3153,7 +3155,6 @@ exit:
     mbedtls_memory_buffer_alloc_free();
 #endif
 
-    mbedtls_free( buf );
     mbedtls_printf( " done.\n" );
 
 #if defined(_WIN32)