@@ -1112,11 +1112,11 @@
 	OPTSTR("-model", model);
 	OPTOBJ("-password", password);
 	OPTBOOL("-post_handshake", post_handshake);
 	OPTBOOL("-request", request);
 	OPTBOOL("-require", require);
-	OPTINT("-securitylevel", level);
+	OPTINT("-security_level", level);
 	OPTBOOL("-server", server);
 	OPTSTR("-servername", servername);
 	OPTSTR("-session_id", session_id);
 	OPTBOOL("-ssl2", ssl2);
 	OPTBOOL("-ssl3", ssl3);
@@ -1125,11 +1125,11 @@
 	OPTBOOL("-tls1.2", tls1_2);
 	OPTBOOL("-tls1.3", tls1_3);
 	OPTOBJ("-validatecommand", vcmd);
 	OPTOBJ("-vcmd", vcmd);
 
-	OPTBAD("option", "-alpn, -cadir, -cafile, -cert, -certfile, -cipher, -ciphersuites, -command, -dhparams, -key, -keyfile, -model, -password, -post_handshake, -request, -require, -securitylevel, -server, -servername, -session_id, -ssl2, -ssl3, -tls1, -tls1.1, -tls1.2, -tls1.3, or -validatecommand");
+	OPTBAD("option", "-alpn, -cadir, -cafile, -cert, -certfile, -cipher, -ciphersuites, -command, -dhparams, -key, -keyfile, -model, -password, -post_handshake, -request, -require, -security_level, -server, -servername, -session_id, -ssl2, -ssl3, -tls1, -tls1.1, -tls1.2, -tls1.3, or -validatecommand");
 
 	return TCL_ERROR;
     }
     if (request)		verify |= SSL_VERIFY_CLIENT_ONCE | SSL_VERIFY_PEER;
     if (request && require)	verify |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
@@ -2006,11 +2006,11 @@
 
 	/* Renegotiation allowed */
 	LAPPEND_BOOL(interp, objPtr, "renegotiation_allowed", SSL_get_secure_renegotiation_support(ssl));
 
 	/* Get security level */
-	LAPPEND_INT(interp, objPtr, "securitylevel", SSL_get_security_level(ssl));
+	LAPPEND_INT(interp, objPtr, "security_level", SSL_get_security_level(ssl));
 
 	/* Session info */
 	LAPPEND_BOOL(interp, objPtr, "session_reused", SSL_session_reused(ssl));
 
 	/* Is server info */
@@ -2053,14 +2053,10 @@
 
 	/* message authentication code - Cipher is AEAD (e.g. GCM or ChaCha20/Poly1305) or not */
 	/* Authenticated Encryption with associated data (AEAD) check */
 	LAPPEND_BOOL(interp, objPtr, "cipher_is_aead", SSL_CIPHER_is_aead(cipher));
 
-	/* Digest used during the SSL/TLS handshake when using the cipher. */
-	md = SSL_CIPHER_get_handshake_digest(cipher);
-	LAPPEND_STR(interp, objPtr, "handshake_digest", (char *)EVP_MD_name(md), -1);
-
 	/* Get OpenSSL-specific ID, not IANA ID */
 	LAPPEND_INT(interp, objPtr, "cipher_id", (int) SSL_CIPHER_get_id(cipher));
 
 	/* Two-byte ID used in the TLS protocol of the given cipher */
 	LAPPEND_INT(interp, objPtr, "protocol_id", (int) SSL_CIPHER_get_protocol_id(cipher));
@@ -2067,10 +2063,14 @@
 
 	/* Textual description of the cipher */
 	if (SSL_CIPHER_description(cipher, buf, sizeof(buf)) != NULL) {
 	    LAPPEND_STR(interp, objPtr, "description", buf, -1);
 	}
+
+	/* Digest used during the SSL/TLS handshake when using the cipher. */
+	md = SSL_CIPHER_get_handshake_digest(cipher);
+	LAPPEND_STR(interp, objPtr, "handshake_digest", (char *)EVP_MD_name(md), -1);
     }
 
     /* Session info */
     session = SSL_get_session(ssl);
     if (session != NULL) {