diff --git a/smtpd.go b/smtpd.go
index a705ff3..797ad8e 100644
--- a/smtpd.go
+++ b/smtpd.go
@@ -113,7 +113,15 @@ func (srv *Server) newSession(c net.Conn) (s *session) {
 	// Check if the underlying connection is already TLS.
 	// This will happen if the Listerner provided Serve()
 	// is from tls.Listen()
-	__, s.tls = c.(*tls.Conn)
+
+	var tlsConn *tls.Conn
+
+	tlsConn, s.tls = c.(*tls.Conn)
+
+	if s.tls {
+		state := tlsConn.ConnectionState()
+		s.peer.TLS = &state
+	}
 
 	s.scanner = bufio.NewScanner(s.reader)
 
diff --git a/smtpd_test.go b/smtpd_test.go
index e60cb19..3b7a5b7 100644
--- a/smtpd_test.go
+++ b/smtpd_test.go
@@ -1209,7 +1209,12 @@ func TestTLSListener(t *testing.T) {
 	addr := ln.Addr().String()
 
 	server := &smtpd.Server{
-		Authenticator: func(peer smtpd.Peer, username, password string) error { return nil },
+		Authenticator: func(peer smtpd.Peer, username, password string) error {
+			if peer.TLS == nil {
+				t.Error("didn't correctly set connection state on TLS connection")
+			}
+			return nil
+		},
 	}
 
 	go func() {