diff --git a/libfreerdp/core/connection.c b/libfreerdp/core/connection.c
index 1b1eb1a4a..5350045d6 100644
--- a/libfreerdp/core/connection.c
+++ b/libfreerdp/core/connection.c
@@ -326,7 +326,7 @@ BOOL rdp_client_connect(rdpRdp* rdp)
 		settings->EncryptionMethods = ENCRYPTION_METHOD_FIPS;
 	}
 
-	const char* hostname = freerdp_settings_get_server_name(settings);
+	const char* hostname = settings->ServerHostname;
 	if (!hostname)
 	{
 		WLog_ERR(TAG, "Missing hostname, can not connect to NULL target");
diff --git a/libfreerdp/core/transport.c b/libfreerdp/core/transport.c
index 334746b10..57681edc0 100644
--- a/libfreerdp/core/transport.c
+++ b/libfreerdp/core/transport.c
@@ -283,6 +283,7 @@ static BOOL transport_default_connect_tls(rdpTransport* transport)
 		transport->layer = TRANSPORT_LAYER_TLS;
 
 	tls->hostname = settings->ServerHostname;
+	tls->serverName = settings->UserSpecifiedServerName;
 	tls->port = settings->ServerPort;
 
 	if (tls->port == 0)
diff --git a/libfreerdp/crypto/tls.c b/libfreerdp/crypto/tls.c
index da3ea64bc..fdba807e5 100644
--- a/libfreerdp/crypto/tls.c
+++ b/libfreerdp/crypto/tls.c
@@ -599,6 +599,11 @@ static rdpCertificate* tls_get_certificate(rdpTls* tls, BOOL peer)
 	return cert;
 }
 
+static const char* tls_get_server_name(rdpTls* tls)
+{
+	return tls->serverName ? tls->serverName : tls->hostname;
+}
+
 #define TLS_SERVER_END_POINT "tls-server-end-point:"
 
 static SecPkgContext_Bindings* tls_get_channel_bindings(const rdpCertificate* cert)
@@ -832,7 +837,7 @@ TlsHandshakeResult freerdp_tls_connect_ex(rdpTls* tls, BIO* underlying, const SS
 		return 0;
 
 #if !defined(OPENSSL_NO_TLSEXT) && !defined(LIBRESSL_VERSION_NUMBER)
-	SSL_set_tlsext_host_name(tls->ssl, tls->hostname);
+	SSL_set_tlsext_host_name(tls->ssl, tls_get_server_name(tls));
 #endif
 
 	return freerdp_tls_handshake(tls);
@@ -882,7 +887,7 @@ TlsHandshakeResult freerdp_tls_handshake(rdpTls* tls)
 
 		if (tls->isClientMode)
 		{
-			verify_status = tls_verify_certificate(tls, cert, tls->hostname, tls->port);
+			verify_status = tls_verify_certificate(tls, cert, tls_get_server_name(tls), tls->port);
 
 			if (verify_status < 1)
 			{
diff --git a/libfreerdp/crypto/tls.h b/libfreerdp/crypto/tls.h
index f0cfc1012..92a2b3a18 100644
--- a/libfreerdp/crypto/tls.h
+++ b/libfreerdp/crypto/tls.h
@@ -76,6 +76,7 @@ struct rdp_tls
 	rdpCertificateStore* certificate_store;
 	BIO* underlying;
 	const char* hostname;
+	const char* serverName;
 	int port;
 	int alertLevel;
 	int alertDescription;