diff --git a/TunnelKit/Sources/Core/SessionProxy+Authenticator.swift b/TunnelKit/Sources/Core/SessionProxy+Authenticator.swift
index 98d44a2..9f76fa6 100644
--- a/TunnelKit/Sources/Core/SessionProxy+Authenticator.swift
+++ b/TunnelKit/Sources/Core/SessionProxy+Authenticator.swift
@@ -116,14 +116,8 @@ extension SessionProxy {
                     break
                 }
             }
-            if let strategy = options.tlsWrap?.strategy {
-                switch strategy {
-                case .auth:
-                    opts.append("tls-auth")
-                    
-                case .crypt:
-                    opts.append("tls-crypt")
-                }
+            if let direction = options.tlsWrap?.key.direction?.rawValue {
+                opts.append("keydir \(direction)")
             }
             let optsString = opts.joined(separator: ",")
             log.debug("TLS.auth: Local options: \(optsString)")
diff --git a/TunnelKit/Sources/Core/StaticKey.swift b/TunnelKit/Sources/Core/StaticKey.swift
index 480e732..58e3117 100644
--- a/TunnelKit/Sources/Core/StaticKey.swift
+++ b/TunnelKit/Sources/Core/StaticKey.swift
@@ -58,7 +58,7 @@ public class StaticKey: Codable {
     
     private let secureData: ZeroingData
 
-    private let direction: Direction?
+    let direction: Direction?
     
     /// Returns the encryption key.
     ///