Hello, while playing with RadSec inbound and outbound I noticed that for both directions, the cert properties of the other end are stored in a series of TLS-Client-Cert-* attributes. But when initiating an outbound connection, these attributes store the properties of the *server* we are contacting, while the name suggests something about client (which would be our own cert, which is useless). Example: (TLS) Trying new outgoing proxy connection to proxy (0.0.0.0, 0) -> home_server (145.100.189.5, 2083) Requiring Server certificate [...] (0) TLS-Client-Cert-Common-Name := "slagroom.eduroam.nl" That should really be TLS-Server-Cert-Common-Name (same goes for all other properties of course). In the other direction, i.e. when serving an incoming client connection, the use of the -Client- attributes is of course semantically correct. Could these attributes be duplicated for -Server and be populated as such during outbound connections? Greetings, Stefan Winter -- This email may contain information for limited distribution only, please treat accordingly. Fondation Restena, Stefan WINTER Chief Technology Officer 2, avenue de l'Université L-4365 Esch-sur-Alzette