diff --git a/modules/proto_tls/proto_tls.c b/modules/proto_tls/proto_tls.c
index 10413efadae..b16be1dfebc 100644
--- a/modules/proto_tls/proto_tls.c
+++ b/modules/proto_tls/proto_tls.c
@@ -112,13 +112,15 @@ static void tls_report(int type, unsigned long long conn_id, int conn_flags,
 static struct mi_root* tls_trace_mi(struct mi_root* cmd, void* param );
 
 
+trace_dest t_dst;
+
 static int w_tls_blocking_write(struct tcp_connection *c, int fd, const char *buf,
 																	size_t len)
 {
 	int ret;
 
 	lock_get(&c->write_lock);
-	ret = tls_blocking_write(c, fd, buf, len, &tls_mgm_api);
+	ret = tls_blocking_write(c, fd, buf, len, &tls_mgm_api, t_dst);
 	lock_release(&c->write_lock);
 	return ret;
 }
@@ -137,7 +139,6 @@ static struct tcp_req tls_current_req;
 #define TLS_TRACE_PROTO "proto_hep"
 
 static str trace_destination_name = {NULL, 0};
-trace_dest t_dst;
 trace_proto_t tprot;
 
 /* module  tracing parameters */
@@ -423,8 +424,6 @@ static int proto_tls_send(struct socket_info* send_sock,
 	int port;
 	int fd, n;
 
-	struct tls_data* data;
-
 	if (to){
 		su2ip_addr(&ip, to);
 		port=su_getport(to);
@@ -466,29 +465,10 @@ static int proto_tls_send(struct socket_info* send_sock,
 	}
 
 send_it:
-	/* if there is pending tracing data on a connection startet by us
-	 * (connected) -> flush it
-	 * As this is a write op, we look only for connected conns, not to conflict
-	 * with accepted conns (flushed on read op) */
-	if ( (c->flags&F_CONN_ACCEPTED)==0 && c->proto_flags & F_TLS_TRACE_READY ) {
-		data = c->proto_data;
-		/* send the message if set from tls_mgm */
-		if ( data->message ) {
-			send_trace_message( data->message, t_dst);
-			data->message = NULL;
-		}
-
-		/* don't allow future traces for this connection */
-		data->tprot = 0;
-		data->dest  = 0;
-
-		c->proto_flags &= ~( F_TLS_TRACE_READY );
-	}
-
 	LM_DBG("sending via fd %d...\n",fd);
 
 	lock_get(&c->write_lock);
-	n = tls_blocking_write(c, fd, buf, len, &tls_mgm_api);
+	n = tls_blocking_write(c, fd, buf, len, &tls_mgm_api, t_dst);
 	lock_release(&c->write_lock);
 	tcp_conn_set_lifetime( c, tcp_con_lifetime);
 
@@ -537,7 +517,7 @@ static int tls_read_req(struct tcp_connection* con, int* bytes_read)
 	}
 
 	/* do this trick in order to trace whether if it's an error or not */
-	ret=tls_fix_read_conn(con);
+	ret=tls_fix_read_conn(con, t_dst);
 
 	/* if there is pending tracing data on an accepted connection, flush it
 	 * As this is a read op, we look only for accepted conns, not to conflict
diff --git a/modules/proto_wss/proto_wss.c b/modules/proto_wss/proto_wss.c
index b20f8c8d024..2d1f877dbc8 100644
--- a/modules/proto_wss/proto_wss.c
+++ b/modules/proto_wss/proto_wss.c
@@ -542,7 +542,7 @@ static int wss_read_req(struct tcp_connection* con, int* bytes_read)
 	struct ws_data* d;
 
 	/* we need to fix the SSL connection before doing anything */
-	if (tls_fix_read_conn(con) < 0) {
+	if (tls_fix_read_conn(con, t_dst) < 0) {
 		LM_ERR("cannot fix read connection\n");
 		if ( (d=con->proto_data) && d->dest && d->tprot ) {
 			if ( d->message ) {
@@ -611,7 +611,7 @@ static int wss_raw_writev(struct tcp_connection *c, int fd,
 #ifndef TLS_DONT_WRITE_FRAGMENTS
 	lock_get(&c->write_lock);
 	for (i = 0; i < iovcnt; i++) {
-		n = tls_blocking_write(c, fd, iov[i].iov_base, iov[i].iov_len, &tls_mgm_api);
+		n = tls_blocking_write(c, fd, iov[i].iov_base, iov[i].iov_len, &tls_mgm_api, t_dst);
 		if (n < 0) {
 			ret = -1;
 			goto end;
diff --git a/modules/tls_mgm/tls_conn_server.h b/modules/tls_mgm/tls_conn_server.h
index 107aa7f394a..2a270527004 100644
--- a/modules/tls_mgm/tls_conn_server.h
+++ b/modules/tls_mgm/tls_conn_server.h
@@ -368,11 +368,30 @@ static int tls_accept(struct tcp_connection *c, short *poll_events)
 	return -1;
 }
 
+void tls_send_trace_data(struct tcp_connection *c, trace_dest t_dst) {
+	struct tls_data* data;
+
+	if ( (c->flags&F_CONN_ACCEPTED)==0 && c->proto_flags & F_TLS_TRACE_READY ) {
+		data = c->proto_data;
+
+		/* send the message if set from tls_mgm */
+		if ( data->message ) {
+			send_trace_message( data->message, t_dst);
+			data->message = NULL;
+		}
+
+		/* don't allow future traces for this connection */
+		data->tprot = 0;
+		data->dest  = 0;
+
+		c->proto_flags &= ~( F_TLS_TRACE_READY );
+	}
+}
 
 /*
  * wrapper around SSL_connect, returns 0 on success, -1 on error
  */
-static int tls_connect(struct tcp_connection *c, short *poll_events)
+static int tls_connect(struct tcp_connection *c, short *poll_events, trace_dest t_dst)
 {
 	int ret, err;
 	SSL *ssl;
@@ -394,6 +413,8 @@ static int tls_connect(struct tcp_connection *c, short *poll_events)
 		trace_tls( c, ssl, TRANS_TRACE_CONNECTED,
 				TRANS_TRACE_SUCCESS, &CONNECT_FAIL);
 
+		tls_send_trace_data(c, t_dst);
+
 		c->proto_flags &= ~F_TLS_DO_CONNECT;
 		LM_DBG("new TLS connection to %s:%d using %s %s %d\n",
 			ip_addr2a(&c->rcv.src_ip), c->rcv.src_port,
@@ -433,6 +454,8 @@ static int tls_connect(struct tcp_connection *c, short *poll_events)
 				trace_tls( c, ssl, TRANS_TRACE_CONNECTED,
 						TRANS_TRACE_FAILURE, &CONNECT_FAIL);
 
+				tls_send_trace_data(c, t_dst);
+
 				c->state = S_CONN_BAD;
 				return -1;
 			case SSL_ERROR_WANT_READ:
@@ -463,6 +486,8 @@ static int tls_connect(struct tcp_connection *c, short *poll_events)
 					tls_err_s.s = tls_err_buf;
 					trace_tls( c, ssl, TRANS_TRACE_CONNECTED,
 							TRANS_TRACE_FAILURE, &tls_err_s);
+
+					tls_send_trace_data(c, t_dst);
 				} else {
 					tls_print_errstack();
 				}
@@ -482,7 +507,7 @@ static int tls_connect(struct tcp_connection *c, short *poll_events)
  * does not transit a connection into S_CONN_OK then tcp layer would not
  * call tcp_read
  */
-static int tls_fix_read_conn(struct tcp_connection *c)
+static int tls_fix_read_conn(struct tcp_connection *c, trace_dest t_dst)
 {
 	/*
 	* no lock acquired
@@ -505,7 +530,7 @@ static int tls_fix_read_conn(struct tcp_connection *c)
 	} else if ( c->proto_flags & F_TLS_DO_CONNECT ) {
 		ret = tls_update_fd(c, c->fd);
 		if (!ret)
-			ret = tls_connect(c, NULL);
+			ret = tls_connect(c, NULL, t_dst);
 	}
 
 	lock_release(&c->write_lock);
@@ -570,7 +595,7 @@ static int tls_write(struct tcp_connection *c, int fd, const void *buf,
  * fixme: probably does not work correctly
  */
 static int tls_blocking_write(struct tcp_connection *c, int fd, const char *buf,
-										size_t len, struct tls_mgm_binds *api)
+										size_t len, struct tls_mgm_binds *api, trace_dest t_dst)
 {
 	#define MAX_SSL_RETRIES 32
 	int             written, n;
@@ -599,7 +624,7 @@ static int tls_blocking_write(struct tcp_connection *c, int fd, const char *buf,
 			goto error;
 		timeout = api->get_handshake_timeout();
 	} else if ( c->proto_flags & F_TLS_DO_CONNECT ) {
-		if (tls_connect(c, &(pf.events)) < 0)
+		if (tls_connect(c, &(pf.events), t_dst) < 0)
 			goto error;
 		timeout = api->get_handshake_timeout();
 	} else {