diff --git a/websocket-sharp/Net/ClientSslAuthConfiguration.cs b/websocket-sharp/Net/ClientSslAuthConfiguration.cs
index 9a974047..0da06479 100644
--- a/websocket-sharp/Net/ClientSslAuthConfiguration.cs
+++ b/websocket-sharp/Net/ClientSslAuthConfiguration.cs
@@ -34,14 +34,14 @@
*/
#endregion
+using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
namespace WebSocketSharp.Net
{
///
- /// Stores the parameters used in configuring
- /// as a client.
+ /// Stores the parameters used to configure a instance as a client.
///
public class ClientSslAuthConfiguration
{
@@ -49,39 +49,26 @@ namespace WebSocketSharp.Net
///
/// Initializes a new instance of the class with
- /// the specified .
+ /// the specified .
///
- ///
- /// A that contains client certificates.
+ ///
+ /// A that represents the name of the server that shares
+ /// a secure connection.
///
- public ClientSslAuthConfiguration (X509CertificateCollection clientCertificates)
- : this (clientCertificates, SslProtocols.Default, false)
+ public ClientSslAuthConfiguration (string targetHost)
+ : this (targetHost, null, SslProtocols.Default, false)
{
}
///
/// Initializes a new instance of the class with
- /// the specified and
- /// .
+ /// the specified , ,
+ /// , and .
///
- ///
- /// A that contains client certificates.
+ ///
+ /// A that represents the name of the server that shares
+ /// a secure connection.
///
- ///
- /// The enum value that represents the protocols used for
- /// authentication.
- ///
- public ClientSslAuthConfiguration (
- X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols)
- : this (clientCertificates, enabledSslProtocols, false)
- {
- }
-
- ///
- /// Initializes a new instance of the class with
- /// the specified , ,
- /// and .
- ///
///
/// A that contains client certificates.
///
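Review bot: The new single-argument constructor at `: this (targetHost, null, SslProtocols.Default, false)` silently selects `SslProtocols.Default` (SSL 3.0 and TLS 1.0 only) with certificate revocation checking turned off, and its doc comment says nothing about either default. At minimum the summary should state this, e.g. `/// Uses SslProtocols.Default and does not check certificate revocation; use the four-parameter constructor to change either.` Whether a newer protocol value can be the default depends on the target framework, which is not visible here. The hunk also removes the two public constructors that took only a certificate collection, which breaks existing callers and should be mentioned in the commit message or changelog.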
@@ -94,10 +81,12 @@ namespace WebSocketSharp.Net
/// otherwise, false.
///
public ClientSslAuthConfiguration (
+ string targetHost,
X509CertificateCollection clientCertificates,
SslProtocols enabledSslProtocols,
bool checkCertificateRevocation)
{
+ TargetHost = targetHost;
ClientCertificates = clientCertificates;
EnabledSslProtocols = enabledSslProtocols;
CheckCertificateRevocation = checkCertificateRevocation;
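Review bot: `TargetHost = targetHost;` stores the argument without a null or empty check, so a bad value is only reported later at connect time as a TLS handshake failure. Rejecting it in the constructor would put the error where the mistake is made, for example `if (targetHost == null || targetHost.Length == 0) throw new ArgumentException ("Must not be null or empty.", "targetHost");`. The constructor's doc comment starts outside this hunk, so the matching exception documentation is not shown here.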
@@ -133,6 +122,15 @@ namespace WebSocketSharp.Net
///
public SslProtocols EnabledSslProtocols { get; set; }
+ ///
+ /// Gets or sets the name of the server that shares a secure connection.
+ ///
+ ///
+ /// A that represents the name of the server that shares
+ /// a secure connection.
+ ///
+ public string TargetHost { get; set; }
+
#endregion
}
}
\ No newline at end of file
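Review bot: `TargetHost` has a public setter, but the documentation does not say that the connect path in WebSocket.cs throws "An invalid host name is specified." whenever the value differs from the host of the WebSocket URL. A caller who changes it can therefore only cause a handshake failure. The remark should state the constraint, e.g. `/// Must match the host name of the WebSocket URL; otherwise the connection attempt fails.` Because the setter accepts null and empty strings unchecked, a read-only property set through the constructor would also be worth considering.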
diff --git a/websocket-sharp/WebSocket.cs b/websocket-sharp/WebSocket.cs
index d11398ca..eae805a5 100644
--- a/websocket-sharp/WebSocket.cs
+++ b/websocket-sharp/WebSocket.cs
@@ -498,16 +498,19 @@ namespace WebSocketSharp
}
///
- /// Gets or sets the SSL configuration used to authenticate the server and optionally the client
- /// on the secure connection.
+ /// Gets or sets the SSL configuration used to authenticate the server and
+ /// optionally the client for secure connection.
///
///
- /// A that represents the SSL configuration used to
- /// authenticate the server and optionally the client.
+ /// A that represents the configuration
+ /// used to authenticate the server and optionally the client for secure connection,
+ /// or if the is used as server.
///
public ClientSslAuthConfiguration SslConfiguration {
get {
- return _sslConfig;
+ return _client
+ ? (_sslConfig ?? (_sslConfig = new ClientSslAuthConfiguration (_uri.DnsSafeHost)))
+ : null;
}
set {
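Review bot: Reading `SslConfiguration` now creates and stores a default `ClientSslAuthConfiguration` as a side effect, and `_sslConfig ?? (_sslConfig = new ClientSslAuthConfiguration (_uri.DnsSafeHost))` has no synchronization visible in this hunk, so two concurrent first reads could receive different instances. The doc comment should mention the lazy default, e.g. `/// For a client, a default configuration for the host of the WebSocket URL is created on first access.` That default also inherits `SslProtocols.Default` and no revocation checking from the one-argument constructor. The setter body lies outside the hunk, so whether it validates the assigned configuration cannot be seen here.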
@@ -1366,24 +1369,31 @@ namespace WebSocketSharp
}
if (_secure) {
- var sslStream = new SslStream (
- _stream,
- false,
- _certValidationCallback ?? ((sender, certificate, chain, sslPolicyErrors) => true),
- _certSelectionCallback ??
- ((sender, targetHost, localCertificates, remoteCertificate, acceptableIssuers) =>
- null));
+ var conf = SslConfiguration;
+ if (conf.TargetHost != _uri.DnsSafeHost)
+ throw new WebSocketException (
+ CloseStatusCode.TlsHandshakeFailure, "An invalid host name is specified.");
+
+ try {
+ var sslStream = new SslStream (
+ _stream,
+ false,
+ _certValidationCallback ?? ((sender, certificate, chain, sslPolicyErrors) => true),
+ _certSelectionCallback ??
+ ((sender, targetHost, localCertificates, remoteCertificate, acceptableIssuers) =>
+ null));
- if (_sslConfig == null)
- sslStream.AuthenticateAsClient (_uri.DnsSafeHost);
- else
sslStream.AuthenticateAsClient (
- _uri.DnsSafeHost,
- _sslConfig.ClientCertificates,
- _sslConfig.EnabledSslProtocols,
- _sslConfig.CheckCertificateRevocation);
+ conf.TargetHost,
+ conf.ClientCertificates,
+ conf.EnabledSslProtocols,
+ conf.CheckCertificateRevocation);
- _stream = sslStream;
+ _stream = sslStream;
+ }
+ catch (Exception ex) {
+ throw new WebSocketException (CloseStatusCode.TlsHandshakeFailure, ex);
+ }
}
}
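Review bot: The fallback `_certValidationCallback ?? ((sender, certificate, chain, sslPolicyErrors) => true)` is carried unchanged into the new try block, so when no callback is set every server certificate is accepted, including one with a name mismatch or an untrusted chain. The new `TargetHost` check then offers no protection against an impostor server. The default should fail closed: `_certValidationCallback ?? ((sender, certificate, chain, sslPolicyErrors) => sslPolicyErrors == SslPolicyErrors.None)`. Separately, `conf.TargetHost != _uri.DnsSafeHost` is a case-sensitive comparison although host names are case-insensitive; `!String.Equals (conf.TargetHost, _uri.DnsSafeHost, StringComparison.OrdinalIgnoreCase)` avoids rejecting a valid name. The enclosing method starts and ends outside this hunk.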