@gargron maybe refer to TLS rather than SSL.
Generally looks good to me, and an improvement. Thanks for working on this.