diff --git a/TunnelKit/Sources/AppExtension/TunnelKitProvider+Configuration.swift b/TunnelKit/Sources/AppExtension/TunnelKitProvider+Configuration.swift
index 326cde8..3604a78 100644
--- a/TunnelKit/Sources/AppExtension/TunnelKitProvider+Configuration.swift
+++ b/TunnelKit/Sources/AppExtension/TunnelKitProvider+Configuration.swift
@@ -147,6 +147,7 @@ extension TunnelKitProvider {
                     throw ProviderConfigurationError.parameter(name: "protocolConfiguration.providerConfiguration[\(S.tlsWrap)]")
                 }
             }
+            sessionConfigurationBuilder.tlsSecurityLevel = providerConfiguration[S.tlsSecurityLevel] as? Int ?? ConfigurationBuilder.defaults.sessionConfiguration.tlsSecurityLevel
             sessionConfigurationBuilder.keepAliveInterval = providerConfiguration[S.keepAlive] as? TimeInterval ?? ConfigurationBuilder.defaults.sessionConfiguration.keepAliveInterval
             sessionConfigurationBuilder.renegotiatesAfter = providerConfiguration[S.renegotiatesAfter] as? TimeInterval ?? ConfigurationBuilder.defaults.sessionConfiguration.renegotiatesAfter
             guard let endpointProtocolsStrings = providerConfiguration[S.endpointProtocols] as? [String], !endpointProtocolsStrings.isEmpty else {
@@ -245,6 +246,8 @@ extension TunnelKitProvider {
             
             static let tlsWrap = "TLSWrap"
 
+            static let tlsSecurityLevel = "TLSSecurityLevel"
+
             static let keepAlive = "KeepAlive"
             
             static let endpointProtocols = "EndpointProtocols"
@@ -451,6 +454,9 @@ extension TunnelKitProvider {
             if let tlsWrapData = sessionConfiguration.tlsWrap?.serialized() {
                 dict[S.tlsWrap] = tlsWrapData
             }
+            if let tlsSecurityLevel = sessionConfiguration.tlsSecurityLevel {
+                dict[S.tlsSecurityLevel] = tlsSecurityLevel
+            }
             if let keepAliveSeconds = sessionConfiguration.keepAliveInterval {
                 dict[S.keepAlive] = keepAliveSeconds
             }
@@ -554,6 +560,11 @@ extension TunnelKitProvider {
             } else {
                 log.info("\tTLS wrapping: disabled")
             }
+            if let tlsSecurityLevel = sessionConfiguration.tlsSecurityLevel {
+                log.info("\tTLS security level: \(tlsSecurityLevel)")
+            } else {
+                log.info("\tTLS security level: default")
+            }
             if let keepAliveSeconds = sessionConfiguration.keepAliveInterval, keepAliveSeconds > 0 {
                 log.info("\tKeep-alive: \(keepAliveSeconds) seconds")
             } else {